undefined | Better HN

0 pointsryukoposting2y ago0 comments

This is confusing. The CVE doesn't describe the attack vector with any meaningful degree of clarity, except to emphasize how you'd have to have a known unstable and non-default component enabled. As far as CVEs go, it definitely lacks substance, but it's not some catastrophic violation of best practices. It hardly reflects poorly on Maxim or anything he's done for Nginx. This seems like an extreme move, and it makes me wonder if there's something we're missing.

0 comments

PH95VuimJjqBqy2y ago

it's most likely the last straw rather than the sole reason.

arter42y ago

Maybe, but he only mentioned disagreements on security policies. Doesn't sound very convincing as a last straw, especially from a marketing standpoint when trying to gain more traction for his fork.

j / k navigate · click thread line to collapse

0 comments

PH95VuimJjqBqy2y ago

it's most likely the last straw rather than the sole reason.

arter42y ago

Maybe, but he only mentioned disagreements on security policies. Doesn't sound very convincing as a last straw, especially from a marketing standpoint when trying to gain more traction for his fork.

j / k navigate · click thread line to collapse