this post was submitted on 16 Feb 2024
204 points (98.1% liked)

Technology

57457 readers
4590 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
204
Nginx core developer quits project in security dispute, starts “freenginx” fork (arstechnica.com)
submitted 6 months ago by AnActOfCreation@programming.dev to c/technology@lemmy.world
17 comments fedilink hide all child comments
 
  • A core developer of Nginx, the popular web server, has quit the project and started a fork called freenginx.
  • The developer cited disagreements with the new management at F5, which acquired Nginx Inc. in 2019, over security policies.
  • The dispute arose from the assigning of Common Vulnerabilities and Exposures (CVEs) to bugs in the experimental HTTP/3 code.

Archive link: https://archive.ph/U4XRN

you are viewing a single comment's thread
view the rest of the comments
[–] autotldr@lemmings.world 15 points 6 months ago

This is the best summary I could come up with:

A core developer of Nginx, currently the world's most popular web server, has quit the project, stating that he no longer sees it as "a free and open source project… for the public good."

Later that year, two of Nginx's leaders, Maxim Konovalov and Igor Sysoev, were detained and interrogated in their homes by armed Russian state agents.

While the criminal charges and rights do not appear to have materialized, the implications of a Russian company's intrusion into a popular open source piece of the web's infrastructure caused some alarm.

Comments on Hacker News, including one by a purported employee of F5, suggest Dounin opposed the assigning of published CVEs (Common Vulnerabilities and Exposures) to bugs in aspects of QUIC.

MegaZone wrote to Ars (noting that he only spoke for himself and not F5), stating, "It's an unfortunate situation, but I think we did the right thing for the users in assigning CVEs and following public disclosure practices.

F5 is committed to delivering successful open source projects that require a large and diverse community of contributors, as well as applying rigorous industry standards forassigning and scoring identified vulnerabilities.

The original article contains 833 words, the summary contains 188 words. Saved 77%. I'm a bot and I'm open source!