- cross-posted to:
- opensource@lemmy.ml
- foss@beehaw.org
- cross-posted to:
- opensource@lemmy.ml
- foss@beehaw.org
Maxim Dounin announces the freenginx project.
As such, starting from today, I will no longer participate in nginx development as run by F5. Instead, I’m starting an alternative project, which is going to be run by developers, and not corporate entities:
TLDR; F5 owns Nginx. Making corporate over security decisions. New community fork from one of the core devs at http://freenginx.org/. Too new to know if it will be adopted by other mainstream projects that currently leverage/embed nginx.
Note: If you use nginx and are concerned about security, consider a look at projects such as
owasp/modsecurity-crswhich include security layers on top of nginx.That doesn’t seem to be the case. From what I read on HN, the dev quit because he thought it didn’t make sense to submit CVEs for temporary/wip solutions, and F5 thought otherwise.
So as I see it, the developer quit because he didn’t agree that a CVE should be opened for a work-in-progress solution that was live on Nginx.
So basically just drama?