After reading more into this, the dev sounds like he’s being a twat.
Nginx had some security bugs in alpha code. F5 issued cve’s for it, the dev didn’t want them to because it wasn’t code in a stable release. That’s the entire story from what I can tell.
I don’t feel like f5 was in the wrong here, and running off to raise a stink seems like an excessive response here.
Can you share links to the further reading? I use nginx and would love to know more about what’s happening.
For sure, most of the good discussion was on hacker news here: https://news.ycombinator.com/item?id=39373327 and https://news.ycombinator.com/item?id=39373612
Megazone is one of the F5 security people and posted here: https://news.ycombinator.com/item?id=39374312
This is the best summary I could come up with:
Maxim Dounin as one of the longtime core developers of the Nginx web server announced the creation today of a new fork of the project called Freenginx.
Dounin explained in announcing Freenginx: "As you probably know, F5 closed Moscow office in 2022, and I no longer work for F5 since then.
Still, we’ve reached an agreement that I will maintain my role in nginx development as a volunteer.
Unfortunately, some new non-technical management at F5 recently decided that they know better how to run open source projects.
That’s quite understandable: they own the project, and can do anything with it, including doing marketing-motivated actions, ignoring developers position and community.
The goal of the project is to keep nginx development free from arbitrary corporate actions."
The original article contains 318 words, the summary contains 124 words. Saved 61%. I’m a bot and I’m open source!