After reading more into this, the dev sounds like he’s being a twat.
Nginx had some security bugs in alpha code. F5 issued cve’s for it, the dev didn’t want them to because it wasn’t code in a stable release. That’s the entire story from what I can tell.
I don’t feel like f5 was in the wrong here, and running off to raise a stink seems like an excessive response here.
After reading more into this, the dev sounds like he’s being a twat.
Nginx had some security bugs in alpha code. F5 issued cve’s for it, the dev didn’t want them to because it wasn’t code in a stable release. That’s the entire story from what I can tell.
I don’t feel like f5 was in the wrong here, and running off to raise a stink seems like an excessive response here.
Can you share links to the further reading? I use nginx and would love to know more about what’s happening.
For sure, most of the good discussion was on hacker news here: https://news.ycombinator.com/item?id=39373327 and https://news.ycombinator.com/item?id=39373612
Megazone is one of the F5 security people and posted here: https://news.ycombinator.com/item?id=39374312
Thanks very much!