Maxim Dounin announces the freenginx project.

As such, starting from today, I will no longer participate in nginx development as run by F5. Instead, I’m starting an alternative project, which is going to be run by developers, and not corporate entities:

  • MangoPenguin
    link
    fedilink
    English
    arrow-up
    24
    ·
    10 months ago

    Making corporate over security decisions.

    I read the opposite essentially, that F5 is publishing CVEs and the dev did not want them to.

    • towerful@programming.dev
      link
      fedilink
      arrow-up
      14
      ·
      10 months ago

      Yeh, seems like the CVEs were against an alpha branch.
      So, perhaps its a good reminder not to use alpha in production… But I feel it warranted a bug report instead of a “Common Vulnerabilities and Exploits” notice, normally something used to notify potentially production deployed systems of an issue.

      That would be like Pepsi issuing a product recall to all retail outlers for a product that has only been tested internally (kinda)

      • Kushan@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        10 months ago

        I think it’s more like pepsi issuing a product recall for something that has been accidentally left on the side of the road. You know you should not be drinking it anyway, but you also know someone would try it.

        • Bene7rddso@feddit.de
          link
          fedilink
          arrow-up
          3
          ·
          10 months ago

          It was on purpose on the side of the road so people could gice feedback. But the issue wasn’t a health issue (privilege escalation, etc), it just wasn’t tasty (DoS). Something you really don’t want to sell in the store, but in an alpha/beta version it’s no big deal