What are you looking for ?
Infinidat
Articles_top

Nutanix Objects Violates MinIO’s Open Source License

Strange behavior from Nutanix, will deserve to dig more on other services and products they released.

Minio KapoorThis is a blog post from Garima Kapoor, COO and co-founder, MinIO, Inc., posted July 19, 2022

 

 

 

MinIO is the creator of MinIO Object Storage, an open source object storage platform. We strongly believe in keeping our software open source – the best quality software is made with community collaboration, so people are free to innovate and improve. Open source licenses are essential to ensuring people know where their software comes from, and can keep it secure through transparency. It also guarantees basic freedoms of use and distribution.

Sometimes companies threaten the open source model by violating open source licenses and failing to provide IP guarantees and source identification to their users. We are disappointed to have to call out Nutanix, but we must protect MinIO users and ensure they understand the rights they are owed by Nutanix.

Nutanix Objects is built around MinIO object storage. Since its introduction in 2018, Nutanix has been distributing MinIO as part of their software stack, but has not disclosed it to its users. It has been in continued violation of the Apache v2 and we believe they may also be in violation of the GNU AGPL v3 versions of MinIO.

For the past 3 years, we have tried to resolve the license compliance issues in good faith discussions with Nutanix. However, we have not made meaningful progress. As a result, we have informed Nutanix that we are terminating and revoking any license or sublicense under Apache v2 and the AGPL v3 in accordance with the terms of those licenses. Further, we have requested  that Nutanix stop the copying and redistribution of any forked software where they have failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses, to its customers.

If you are a customer of Nutanix Objects, there may be legal and security risks you should be aware of as a consequence of these license violations. You may not be on the latest version of the MinIO Object Storage Software, and you may not be receiving adequate IP licenses from Nutanix.  

Imitation is the most sincere form of flattery. While we are complimented that Nutanix built huge portions of its product offerings around our software, we owe a duty to MinIO users to inspect and seek to remedy license violations wherever we find them.

Here is how we found the evidence of MinIO distribution and usage inside Nutanix Objects in the field:

  1. Created Nutanix Object Store from their UI.
  2. SSH to MSP:
    nutanix@PCVM:~$ mspctl cluster ssh <cluster_name>
  3. Attached to the object controller pod using the command:
    kubectl  exec -it object-controller-0 — bash

The MinIO object storage server binary was found in their object controller pod as shown in the screenshot. Nutanix just put a wrapper around a modified version of the MinIO binary inside their object storage platform. It also did not disclose the usage of MinIO in their Open Source Disclosures or EULA to their customers.

Ultimately, this is about innovation. MinIO continues to innovate in the space and we have worked tirelessly to create the best object store on the market. We are proud to defend that work.

Comments

And MinIO has finally revoked the licenses to the MinIO object storage suite that finally means that Nutanix is naked on the object storage side. See the image below from LinkedIn captured July 20.

How a company of this size can do that? Is is a common practice they do with other open source software they use and embed? We can legitimately ask this question and it could be asked more globally at a sector or industry level.

It reminds us the previous big splash between VMware and Nutanix when the current CEO of Nutanix joined the company from VMware without any "time protection". In many countries it would have been impossible but Nutanix did it.

Definitely it creates some doubt on Nutanix globally and on the products side and put their customers using object storage service in an uncomfortable position.

It would be interesting to see how Nutanix will react as MinIO put this in the public place and cut the licenses because Nutanix ignored MinIO demands for the past 3 years. Just incredible.

Articles_bottom
AIC
ATTO
OPEN-E