this post was submitted on 02 May 2024
81 points (96.6% liked)

Open Source

31250 readers
239 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
top 17 comments
sorted by: hot top controversial new old
[–] [email protected] 27 points 6 months ago (5 children)

Wait; he was pissed that F5 wanted to treat something as a security issue where he “and the developers” (citation needed) wanted to treat it as a normal bug. So, the “evil corporate overlords” wanted to fix something via hotfix-release, while he wanted the fix to be shipped later with a regular release?

So the company wanted — just so I get this straight — to fix a thing sooner, and therefore they are evil. They wanted to provide something that benefited users sooner and… how exactly does that make them worthy of scorn? guys, help me out, what am I missing here?

[–] [email protected] 29 points 6 months ago

The security issue was found in a development build, not a production release. There were no users to benefit from the CVE, because none were affected. If there were exceptions that were using development builds, it on them.

[–] [email protected] 13 points 6 months ago (1 children)

No, the guy is the original developer of nginx, he fucking is nginx. F5 took over nginx through legal battle stating that Dounin has worked on Nginx on work time, which he denies. There was even a police raid against nginx in Russia.

[–] [email protected] 3 points 6 months ago* (last edited 6 months ago)

All wrong. Original developer of nginx was Igor Sysoev, and his employer who sued him was Rambler.

[–] [email protected] 7 points 6 months ago

Afaik the bug was never present in a release. The developer who quit had to jump through a bunch of hoops, and treat it as a security issue, when it only affected people running the latest git commit.

[–] [email protected] 4 points 6 months ago

No no you don't understand. The evil corporate overlords abused their power to force a choice on a developer, even though that choice was objectively the right choice and the developer was throwing a tantrum.

This is truly awful. We must not let evil corporations, no matter their credentials, expertise, and decades of beneficial partnership with open source, tell immature and short sighted developers how to develop.

[–] [email protected] 3 points 6 months ago

Working as a corpo codemonkey myself, I've learned that upper management types don't know jack shit about making quality software while also having ultimate control over what the devs work on.

[–] [email protected] 14 points 6 months ago (1 children)

this article is from feb 26

[–] [email protected] 6 points 6 months ago (1 children)

Even better, the dude forked because a security issue in “experimental” but nonetheless released feature was responsibly announced.

Talk about an ego.

[–] [email protected] 10 points 6 months ago (1 children)

So dev code is getting cves now. Wow going to be a lot of them.

[–] [email protected] 4 points 6 months ago

Support for QUIC and HTTP/3 protocols is available since 1.25.0. Also, since 1.25.0, the QUIC and HTTP/3 support is available in Linux binary packages.

https://nginx.org/en/docs/quic.html

2023-05-23 nginx-1.25.0 mainline version has been released, featuring experimental HTTP/3 support.

https://nginx.org/2023.html

It’s not a dev code. It would also take a mere minute to check this before failing to sound smart.

[–] [email protected] 8 points 6 months ago (1 children)

How much of this is actually due to F5 leaving russia, and no longer employing russians, due to russia invading and killing ukraine? He hasn’t been employed since they ceased operations in russia and instead “volunteered” on the project.

Sounds more like he was forced to step down and take a different position, and F5 are using their actually employed staff to continue development, and make decisions.

If maxim had just left russia and stayed an employee, would any of this still be happening?

[–] [email protected] 19 points 6 months ago (2 children)

I understand and agree with your general point, but this idea that everyone can “just” leave their country, or hell, sometimes even the general area they live in, needs to die.

[–] [email protected] 9 points 6 months ago (1 children)

Just moving into another apartment or home is a lot of work and can be stressful, I can't imagine how stressful moving into another country can be..

[–] [email protected] 4 points 6 months ago

Exactly! I’m moving next year for accessibility and proximity to hospitals, due to illness in the family… Just moving to that next place and making it livable is gonna take a lot of time and monetary investment… Getting me to move again then would take said place not to be livable anymore, probably…

[–] [email protected] 5 points 6 months ago (1 children)

I totally agree, its not simple to “just move countries”. I meant it as more of a hypothetical. If he had left, stayed employed at F5, would he still have the “lead” position, and be able to direct the security position that he disagrees with. Rather than seemingly no longer being employed, being a volunteer and having to roll with whatever the company decided because he no longer is employed and has no influence

[–] [email protected] 1 points 6 months ago

Fair enough!