Package: rsync Version: 3.2.3-4+deb11u1 Severity: critical Justification: causes serious data loss X-Debbugs-Cc: debbug.rs...@sideload.33mail.com
I accidentally ran: $ rsync -va --progress --remove-source-files "$dir_with_many_files" "$dir_with_many_files" Due to a typo when using bash history substitution, the source and destination were both directories and they both named the same directory. The expectation is that rsync should detect movement from A to A and do nothing apart from warning the user that there is nothing to do. Instead, because of the “--remove-source-files” option, rsync DESTROYS all the files in "$dir_with_many_files" irrevokably. There needs to be a safeguard that prevents --remove-source-files from having effect if: * Files are not copied to the destination (for any reason) * The source and destination are the same I suffered data loss because of this. At the very least, if it’s really intended for “rsync --remove-source-files $A $A” to effectively behave like “rm -rf $A/*”, there AT LEAST needs to be a very loud warning prompting the user for confirmation. But I conjecture that there never is a legit scenario where “rsync --remove-source-files” simply destroys files without safely ensuring they exist somewhere in the end. -- System Information: Debian Release: 11.4 APT prefers stable-updates APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'testing'), (990, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages rsync depends on: ii init-system-helpers 1.60 ii libacl1 2.2.53-10 ii libc6 2.31-13+deb11u3 ii liblz4-1 1.9.3-2 ii libpopt0 1.18-2 ii libssl1.1 1.1.1n-0+deb11u3 ii libxxhash0 0.8.0-2 ii libzstd1 1.4.8+dfsg-2.1 ii lsb-base 11.1.0 ii zlib1g 1:1.2.11.dfsg-2+deb11u1 rsync recommends no packages. Versions of packages rsync suggests: ii openssh-client 1:8.4p1-5+deb11u1 ii openssh-server 1:8.4p1-5+deb11u1 ii python3 3.9.2-3 -- no debconf information
