Hello!
On Wed, Feb 14, 2024 at 10:45:37PM +0100, Sergey Brester wrote:
> Hi Maxim,
>
> it is pity to hear such news...
>
> I have few comments and questions about, which I enclosed inline below...
>
> Regards,
> Serg.
>
> 14.02.2024 19:03, Maxim Dounin wrote:
>
> > Hello!
> >
> > As you probably know, F5 closed Moscow office in 2022, and I no
> > longer work for F5 since then. Still, we've reached an agreement
> > that I will maintain my role in nginx development as a volunteer.
> > And for almost two years I was working on improving nginx and
> > making it better for everyone, for free.
>
> And you did a very good job!
Thanks.
> > Unfortunately, some new non-technical management at F5 recently
> > decided that they know better how to run open source projects. In
> > particular, they decided to interfere with security policy nginx
> > uses for years, ignoring both the policy and developers' position.
>
> Can you explain a bit more about that (or provide some examples
> or a link to a public discussion about, if it exists)?
I've already provided some details here:
https://freenginx.org/pipermail/nginx/2024-February/000007.html
: The most recent "security advisory" was released despite the fact
: that the particular bug in the experimental HTTP/3 code is
: expected to be fixed as a normal bug as per the existing security
: policy, and all the developers, including me, agree on this.
:
: And, while the particular action isn't exactly very bad, the
: approach in general is quite problematic.
There was no public discussion. The only discussion I'm aware of
happened on the security-alert@ list, and the consensus was that
the bug should be fixed as a normal bug. Still, I was reached
several days ago with the information that some unnamed management
requested an advisory and security release anyway, regardless of
the policy and developers position.
> > That's quite understandable: they own the project, and can do
> > anything with it, including doing marketing-motivated actions,
> > ignoring developers position and community. Still, this
> > contradicts our agreement. And, more importantly, I no longer able
> > to control which changes are made in nginx within F5, and no longer
> > see nginx as a free and open source project developed and
> > maintained for the public good.
>
> Do you speak only about you?.. Or are there also other developers which
> share your point of view? Just for the record...
> What is about R. Arutyunyan, V. Bartenev and others?
> Could one expect any statement from Igor (Sysoev) about the subject?
I speak only about me. Others, if they are interested in, are
welcome to join.
> > As such, starting from today, I will no longer participate in nginx
> > development as run by F5. Instead, I'm starting an alternative
> > project, which is going to be run by developers, and not corporate
> > entities:
> >
> > http://freenginx.org/ [1]
>
> Why yet another fork? I mean why just not "angie", for instance?
The "angie" fork shares the same problem as nginx run by F5: it's
run by a for-profit corporate entity. Even if it's good enough
now, things might change unexpectedly, like it happened with F5.
> Additionally I'd like to ask whether the name "freenginx" is really well
> thought-out?
> I mean:
> - it can be easy confused with free nginx (compared to nginx plus)
> - the search for that will be horrible (if you would try to search for
> freenginx,
> even as exact (within quotes, with plus etc), many internet search
> engine
> would definitely include free nginx in the result.
> - possibly copyright or trademark problems, etc
Apart from potential trademark concerns (which I believe do not
apply here, but IANAL), these does not seem to be significant (and
search results are already good enough). Still, the name aligns
well with project goals.
> > The goal is to keep nginx development free from arbitrary corporate
> > actions. Help and contributions are welcome. Hope it will be
> > beneficial for everyone.
>
> Just as an idea: switch the primary dev to GH (github)... (and commonly from
> hg to git).
> I'm sure it would boost the development drastically, as well as bring many
> new
> developers and let grow the community.
While I understand the suggestion and potential benefits, I'm not
a fun of git and github, and prefer Mercurial.
--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel