Technology

73833 readers

4262 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

193

Nginx core developer quits project in security dispute, starts “freenginx” fork (arstechnica.com)

submitted 2 years ago by AnActOfCreation@programming.dev to c/technology@lemmy.world

16 comments fedilink hide all child comments

A core developer of Nginx, the popular web server, has quit the project and started a fork called freenginx.
The developer cited disagreements with the new management at F5, which acquired Nginx Inc. in 2019, over security policies.
The dispute arose from the assigning of Common Vulnerabilities and Exposures (CVEs) to bugs in the experimental HTTP/3 code.

Archive link: https://archive.ph/U4XRN

you are viewing a single comment's thread
view the rest of the comments

[–] just_another_person@lemmy.world 7 points 2 years ago

Not particularly when you consider it is standard practice to NOT be charging for CVE and emergency for released products from similar companies. Hell, even RedHat pushed upstream and downstream packages to CentOS if they were the first to patch. Happens with Canonical and the Debian team as well. This engineer saw what F5 was doing, thought it was wrong, and bailed. Seems like a valid response to me.