this post was submitted on 02 May 2024
81 points (96.6% liked)

Open Source

31223 readers
316 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Norgur@fedia.io 27 points 6 months ago (5 children)

Wait; he was pissed that F5 wanted to treat something as a security issue where he “and the developers” (citation needed) wanted to treat it as a normal bug. So, the “evil corporate overlords” wanted to fix something via hotfix-release, while he wanted the fix to be shipped later with a regular release?

So the company wanted — just so I get this straight — to fix a thing sooner, and therefore they are evil. They wanted to provide something that benefited users sooner and… how exactly does that make them worthy of scorn? guys, help me out, what am I missing here?

[–] pop@lemmy.ml 29 points 6 months ago

The security issue was found in a development build, not a production release. There were no users to benefit from the CVE, because none were affected. If there were exceptions that were using development builds, it on them.

[–] Meansalladknifehands@lemm.ee 13 points 6 months ago (1 children)

No, the guy is the original developer of nginx, he fucking is nginx. F5 took over nginx through legal battle stating that Dounin has worked on Nginx on work time, which he denies. There was even a police raid against nginx in Russia.

[–] bizdelnick@lemmy.ml 3 points 6 months ago* (last edited 6 months ago)

All wrong. Original developer of nginx was Igor Sysoev, and his employer who sued him was Rambler.

[–] deadcade@lemmy.deadca.de 7 points 6 months ago

Afaik the bug was never present in a release. The developer who quit had to jump through a bunch of hoops, and treat it as a security issue, when it only affected people running the latest git commit.

[–] Kata1yst@kbin.social 4 points 6 months ago

No no you don't understand. The evil corporate overlords abused their power to force a choice on a developer, even though that choice was objectively the right choice and the developer was throwing a tantrum.

This is truly awful. We must not let evil corporations, no matter their credentials, expertise, and decades of beneficial partnership with open source, tell immature and short sighted developers how to develop.