According to Ars Technica, Maxim Dounin, one of the core developers, left Nginx because he felt it was no longer an open-source and free project for the benefit of the community. Dounin founded freenginx and said it would be run by developers, not corporate organizations.
Dounin is one of the first and still most active programmers on the Nginx open-source project, and was one of the first employees of Nginx Inc., a company founded in 2011 to provide commercial support for the web server software. According to W3Techs, Nginx is now used in about one-third of the world's web servers, followed by Apache.
Nginx Inc. was acquired by F5 (based in Seattle, USA) in 2019. However, at the end of 2019, two Nginx executives, Maxim Konovalov and Igor Sysoev, were detained and questioned at their homes by Russian agents. The internet company Rambler claimed ownership of the Nginx source code, stating it was developed during a time when Sysoev worked there (Dounin also worked there). While criminal charges likely did not materialize, the intrusion of a Russian company into a popular open-source part of the web infrastructure raised some concerns.
Sysoev left F5 and the Nginx project in early 2022. Later that year, due to Russia's military operation in Ukraine, F5 ceased all operations in that country. Some Nginx developers created Angie to support Nginx users in Russia. Dounin also stopped working for F5 at that time, but maintained his role in the Nginx project as a volunteer.
Nginx is currently the open-source web server software with the largest market share.
Dounin stated that the new non-technical management at F5 recently assumed they knew exactly how to run open-source projects. In particular, this group decided to interfere with the security policies that Nginx had been using for years, bypassing even the developers. He concluded that this meant they could no longer control what changes were made to Nginx, leading him to leave.
Comments on The Hacker News, including one from an alleged F5 employee, suggest that Dounin objected to attributing published CVE vulnerabilities to QUIC. While QUIC is not enabled in Nginx's default settings, according to Nginx documentation it is included in the main version of the application, which contains the latest features and bug fixes and is always up to date.
Speaking to The Hacker News, Dounin stated that the F5 team ignored both project policy and the general developer consensus without any discussion. While the specific action wasn't necessarily bad, the overall approach was problematic.
According to Ars Technica, F5 expressed regret over Dounin's departure, stating that successful open-source projects like Nginx require a large and diverse community of collaborators, as well as the application of rigorous industry standards for identifying and scoring vulnerabilities. The company believes this is the right approach to developing highly secure software for customers and the community.