Open source software 'MinIO' stops free distribution of Docker images, sparking outrage
Regarding the security release (CVE-compliant version) of object storage configuration software '
Docker release? · Issue #21647 · minio/minio
https://github.com/minio/minio/issues/21647
MinIO stops distributing free Docker images | Hacker News
https://news.ycombinator.com/item?id=45665452
MinIO is open source software (OSS) for configuring object storage. It has an Amazon S3-compatible API and is characterized by its ability to build high-speed data storage in cloud and on-premise environments. MinIO has been a popular container on Docker Hub, with over 1 billion downloads.
However, in response to an issue on GitHub stating that 'CVE-compliant Docker images cannot be found,' the MinIO development team stated that 'we have discontinued this and moved to a source-only distribution.' This means that the official images are no longer being updated on DockerHub and other platforms, and users are now responsible for building and managing them themselves.
However, many users criticized the changes, citing 'unannounced changes,' 'security risks from not releasing a CVE-compliant version,' and 'dishonesty toward enterprise licensees.' Corporate users, in particular, complained, 'We pay license fees, but the OIDC code has been removed from the open source version, and now the distribution of Docker images has been halted,' and 'It seems like a lock-in strategy, and we've lost trust.' Users also expressed dissatisfaction with
Meanwhile, the developers explained that the decision not to distribute the Docker image was unrelated to the CVE response and had been planned for some time. It just seems like unfortunate timing. However, this only added fuel to the fire, with users expressing concerns that 'as a result, many running instances will not be updated and will remain vulnerable,' and 'automatic update services like watchtower will no longer function.' Some even criticized the move, calling it 'malicious' and 'using OSS projects for corporate strategy.'
Furthermore, some developers and users called for a fork or suggested migrating to another open-source S3-compatible storage solution. As a result, MinIO ultimately locked the thread, stating that constructive discussion was no longer taking place, and restricted comment posting.
The social news site HackerNews has seen a significant amount of criticism of the developer's approach. There's particularly strong distrust over the decision to discontinue distribution of documentation and Docker images without prior explanation. Some commenters have expressed distrust, saying, ' The documentation was abandoned a few weeks ago, which is even more serious. It used to be very easy to use, but updates as open source will likely stop from now on. ' Others have expressed a desire to transition to alternative OSS, saying, ' Following the unannounced removal of the console functionality, distribution of the Docker image has also been halted. We've switched to RustFS. ' Others have criticized MinIO's management, saying, ' This is a typical example of a company creating excellent OSS, distributing it for free, only to fail to monetize it, angering users, and then charging for it. It's becoming a business model resembling a protection fee. ' On the other hand, there were also comments defending the developers, such as, ' Providing official containers for free also takes time. From a business perspective, it makes sense to cut free support ,' ' Developers also have to make a living. If there aren't enough donations and support, they have no choice but to cut something. This is a clash between idealism and reality ,' and ' It was wrong to do this without prior notice, but if there are people who are willing to build 100PB clusters on free OSS, it's only natural that companies would turn to monetization .'
Related Posts:
in Software, Posted by log1i_yk