Maxim Dounin announces the freenginx project.

As such, starting from today, I will no longer participate in nginx development as run by F5. Instead, I’m starting an alternative project, which is going to be run by developers, and not corporate entities:

You are viewing a single thread.
View all comments
60 points
*

TLDR; F5 owns Nginx. Making corporate over security decisions. New community fork from one of the core devs at http://freenginx.org/. Too new to know if it will be adopted by other mainstream projects that currently leverage/embed nginx.

Note: If you use nginx and are concerned about security, consider a look at projects such as owasp/modsecurity-crs which include security layers on top of nginx.

permalink
report
reply
25 points

Making corporate over security decisions.

I read the opposite essentially, that F5 is publishing CVEs and the dev did not want them to.

permalink
report
parent
reply
1 point

I’ll justbuse this excuse to repost my thoughts from the other threas https://lemmy.ml/comment/8358568

permalink
report
parent
reply
14 points

Yeh, seems like the CVEs were against an alpha branch.
So, perhaps its a good reminder not to use alpha in production… But I feel it warranted a bug report instead of a “Common Vulnerabilities and Exploits” notice, normally something used to notify potentially production deployed systems of an issue.

That would be like Pepsi issuing a product recall to all retail outlers for a product that has only been tested internally (kinda)

permalink
report
parent
reply
11 points

I think it’s more like pepsi issuing a product recall for something that has been accidentally left on the side of the road. You know you should not be drinking it anyway, but you also know someone would try it.

permalink
report
parent
reply
9 points
Deleted by creator
permalink
report
parent
reply
3 points

I will never understand how they became so massive.

permalink
report
parent
reply
6 points

I could say the same about Microsoft.

permalink
report
parent
reply
49 points

That doesn’t seem to be the case. From what I read on HN, the dev quit because he thought it didn’t make sense to submit CVEs for temporary/wip solutions, and F5 thought otherwise.

So as I see it, the developer quit because he didn’t agree that a CVE should be opened for a work-in-progress solution that was live on Nginx.

permalink
report
parent
reply
37 points

So basically just drama?

permalink
report
parent
reply
18 points

That’s what I read, too.
It gives a new perspective on the subject.

Sad to see the workforce being split up, though.

permalink
report
parent
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 7.5K

    Monthly active users

  • 6.6K

    Posts

  • 179K

    Comments