- A core developer of Nginx, the popular web server, has quit the project and started a fork called freenginx.
- The developer cited disagreements with the new management at F5, which acquired Nginx Inc. in 2019, over security policies.
- The dispute arose from the assigning of Common Vulnerabilities and Exposures (CVEs) to bugs in the experimental HTTP/3 code.
Archive link: https://archive.ph/U4XRN
So I am a bit confused on this one. Why does this particular developer or anyone really, disagree with assigning CVEs to releases code? I mean I get that it is experimental but having associated CVEs adds to disclosure on the experimental features. What is the downside of the assigned CVEs? I was all ready to jump on F5 being wrong but it sounds like they may have taken the right position. Can someone elaborate on why that may not be the case?