Hello! On Wed, Feb 14, 2024 at 10:45:37PM +0100, Sergey Brester wrote:
> Hi Maxim, > > it is pity to hear such news... > > I have few comments and questions about, which I enclosed inline below... > > Regards, > Serg. > > 14.02.2024 19:03, Maxim Dounin wrote: > > > Hello! > > > > As you probably know, F5 closed Moscow office in 2022, and I no > > longer work for F5 since then. Still, we've reached an agreement > > that I will maintain my role in nginx development as a volunteer. > > And for almost two years I was working on improving nginx and > > making it better for everyone, for free. > > And you did a very good job! Thanks. > > Unfortunately, some new non-technical management at F5 recently > > decided that they know better how to run open source projects. In > > particular, they decided to interfere with security policy nginx > > uses for years, ignoring both the policy and developers' position. > > Can you explain a bit more about that (or provide some examples > or a link to a public discussion about, if it exists)? I've already provided some details here: https://freenginx.org/pipermail/nginx/2024-February/000007.html : The most recent "security advisory" was released despite the fact : that the particular bug in the experimental HTTP/3 code is : expected to be fixed as a normal bug as per the existing security : policy, and all the developers, including me, agree on this. : : And, while the particular action isn't exactly very bad, the : approach in general is quite problematic. There was no public discussion. The only discussion I'm aware of happened on the security-alert@ list, and the consensus was that the bug should be fixed as a normal bug. Still, I was reached several days ago with the information that some unnamed management requested an advisory and security release anyway, regardless of the policy and developers position. > > That's quite understandable: they own the project, and can do > > anything with it, including doing marketing-motivated actions, > > ignoring developers position and community. Still, this > > contradicts our agreement. And, more importantly, I no longer able > > to control which changes are made in nginx within F5, and no longer > > see nginx as a free and open source project developed and > > maintained for the public good. > > Do you speak only about you?.. Or are there also other developers which > share your point of view? Just for the record... > What is about R. Arutyunyan, V. Bartenev and others? > Could one expect any statement from Igor (Sysoev) about the subject? I speak only about me. Others, if they are interested in, are welcome to join. > > As such, starting from today, I will no longer participate in nginx > > development as run by F5. Instead, I'm starting an alternative > > project, which is going to be run by developers, and not corporate > > entities: > > > > http://freenginx.org/ [1] > > Why yet another fork? I mean why just not "angie", for instance? The "angie" fork shares the same problem as nginx run by F5: it's run by a for-profit corporate entity. Even if it's good enough now, things might change unexpectedly, like it happened with F5. > Additionally I'd like to ask whether the name "freenginx" is really well > thought-out? > I mean: > - it can be easy confused with free nginx (compared to nginx plus) > - the search for that will be horrible (if you would try to search for > freenginx, > even as exact (within quotes, with plus etc), many internet search > engine > would definitely include free nginx in the result. > - possibly copyright or trademark problems, etc Apart from potential trademark concerns (which I believe do not apply here, but IANAL), these does not seem to be significant (and search results are already good enough). Still, the name aligns well with project goals. > > The goal is to keep nginx development free from arbitrary corporate > > actions. Help and contributions are welcome. Hope it will be > > beneficial for everyone. > > Just as an idea: switch the primary dev to GH (github)... (and commonly from > hg to git). > I'm sure it would boost the development drastically, as well as bring many > new > developers and let grow the community. While I understand the suggestion and potential benefits, I'm not a fun of git and github, and prefer Mercurial. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
