They are also a comparatively young project and while fully OSS do not, afaik, appear to have a solid long term funding source yet. Though that might be an opportunity to support them, if your company is interested in picking them.
[0]: https://garagehq.deuxfleurs.fr/documentation/reference-manua...
This is a set of unofficial Amazon AWS S3 compatibility tests, that can be useful to people implementing software that exposes an S3-like API. The tests use the Boto2 and Boto3 libraries.
It makes perfect sense as this is a feature of Ceph.
> Whereas Minio can point to an NFS share on a NAS.
Eh, different trade-offs.
Removing existing Docker images? Seems unlikely.
Forks take time and effort from humans to maintain.
That’s where I interpreted this as a demand.
> "When MinIO is linked to a larger software stack in any form, including statically, dynamically, pipes, or containerized and invoked remotely, the AGPL v3 applies to your use. What triggers the AGPL v3 obligations is the exchanging data between the larger stack and MinIO."
So no matter what they claim large parts of the codebase are still apache2.
I am guessing here but I do understand why they want people to open source the management code of minio and in some cases how it is integrated into a product. I understand that AGPL might not be written for these requirements but I think it is time for a new such license.
If it is part of a SaaS product that is sold I can definitely understand why this is important.
This is another case of VC-funded companies pulling up the ladder behind themselves.
I run into this in non-company backed open source projects all the time too. Some maintainer gets burned out or non-interested and all they're rewarded is people with pitchforks because they thought there were some sort of obligations to provide free updates and suppport
However, this is also a classic move, so shouldn't be unexpected behavior these days...
Welcome to HN BTW, I see you were inspired to sign up and defend the project owner.
Something that can be plugged into CI.
Perhaps something like this already exists?
I feel like this could be used till the time plane.so or other projects feel like they could migrate to garage or maybe just use these coollabsio minio docker image?
And now they have stopped publishing updates to their community edition docker images. As the linked GitHub issue points out this now means at least one vulnerability will be unpatched (unless you install from source or switch the image) for anyone relying on updates to the original container image.
My loss exactly was that minio lost most of its appeal when it stopped having an integrated management console. It also seemed they were moving into a direction where features were gonna be more separated off for their aistore products over the community edition (a fair move but not something I want to happen to my deployment).
What I'd like to complain about instead is the pricing page on the Min.io webpage - it doesn't list any pricing. Looking at https://cloudian.com/blog/minios-ui-removal-leaves-organizat... it seems the prices are not cheap at all (minimum of $96,000 per year). Note that Cloudian is a competitor offering a closed-source product.
You suddenly deciding that you won't be offering updated Docker images especially after a CVE and with no prior notice (except a hidden commit 4 days ago that updated the README) is approaching malicious-level actions.
If they truly cared about their community and still wanted to go through the decision of not offering public docker builds the responsible thing to do is offer a warning period, start adding notices in the repo (gh and docker) and create an easy migration path, even endorse or help some community members who would be fine with taking care of the public builds of the image.
But no, they introduced the change, made no public statement about it, waited for someone to notice this, offered no explanation and went silent. After a huge CVE. Irresponsible.
thats entitlement but seen from the other side.
There's also nothing wrong in being upset about something you relied on disappearing overnight. If someone decides to provide something for free, they should give time for people to stop relying on this free stuff if they can.
However, I also believe you should own it if you decide to ever rely on prebuilt Docker images. More specifically, if you are relying on prebuilt Docker images, you are letting someone else decide on a part of your infra. And yes, this someone else can decide to stop providing this part of your infra overnight. This is on you.
I also don't find anything wrong in deciding to not provide binaries for your open source project, or to stop providing binaries, including docker images.
Sounds exactly like freeloading to me. You may think of that term negatively, but it is exactly what it is.
> One who does not contribute or pay appropriately; one who gets a free ride, etc. without paying a fair share.
Which I believe is a bit more generic (giving back might not be the only way of being fair).
> You may think of that term negatively
But the term carries a negative judgement, what's the point of this term otherwise? Without the judgemental part, you'd just say "using for free" or something.
The whole question is: is it fair to use open source software for free?
And I believe it is. Actually, this is stronger than this: I believe people should feel free to use free software for free, and should not be looked down for doing so. This is key for freedom 0 to be an actual thing. (I'm not set in stone in this position and would be happy change my mind on this though).
The notion of "giving back" can be discussed. I believe it is fair to get stuff from Person A for free and then helping B for free (later or earlier), in the hope that some person P will eventually help / have helped Person A for free for instance - this has the potential to provide everyone with a strong, helpful society and it would be even more enjoyable and reliable than a society that enforces pair to pair transactions.
Indeed, if someone always takes stuff for free and never contributes to anything, I would find this unfair (unless for some reason they can't contribute back, because of a disability or something). I would call this freeloading. Society cannot work like this. But you need the bigger picture to assess this.
When you start to try thinking about all this, the concepts of giving back, fairness, etc, it gets quite complicated. You also need to take in account the way society and the economical system works as a whole. What are the incentives, the motives, etc?
Basically, qualifying someone as a "open source freeloader" without context just because they use freedom 0 without paying is quite bold and might not be fair.
What if a company uses MinIO for free but provides some nice open source software?
Just don't judge someone too fast.
Of course many creators are selfish. Once they have benefitted from everyone using their project they think: we want more. Then the rugpulls start. They think they no longer need their users, so now they can abuse them for additional profit.
Coolify is already doing it but your comment is on the verge of being passive agressive. I wouldn't say these are open source freeloaders because they could be using things like watchtowers etc. which automatically update and it could be a very huge deal for automated updates especially after I saw that some recent CVE of minio happened.
Simply put this just hurts the security of people running minio, I wouldn't say its freeloading, its actively harming the community. There are people in that thread who are paid customers as well saying that they lost a customer. I wouldn't say its freeloading. Minio already has some custom license or paid offering and I think that they make decent enough money out of it, providing docker files and then stopping to is kinda a shitty behaviour if they are unable to explain the reasons exactly why. I couldn't find the exact reasons on why they are doing what they are doing except making it hard for people to self host.
I do concede that they could’ve done a better job communicating these changes. But they don’t have to.
- if you rely on something, you should make sure you can reasonably rely on it (indeed, for instance by paying someone)
- if you provide something, even for free, you should expect people will rely on it and you shouldn't pull the plug overnight if you can help it (of course, if you run out of business or something bad happens to you, that's something else). There is some kind of implicit commitment. Nobody should be entitled to receive free pre-built Docker images, but OTOH what's the point of even providing pre-built Docker images if you expect people not to rely on them? This feels pointless and you probably shouldn't start providing them in the first place if you have this expectation.
Do you know their reasons for discontinuing? Are you even entitled to know that? It's their private matter.
> of course, if you run out of business or something bad happens to you, that's something else
Huh? So now everyone should let you know "it was out of their hands"? You have no idea how entitled you behave.
> There is some kind of implicit commitment.
No. That's just between your ears. It's putting fancy words on a feeling you have, not something that actually exists.
> what's the point of even providing pre-built Docker images if you expect people not to rely on them?
How do you know they had that expectation? And why do you care?
> This feels pointless and you probably shouldn't start providing them in the first place if you have this expectation.
You are excusing yourself for these commenters that behave like spoiled children: not thankful for what they got for free, but only bitching when it stops.
> Do you know their reasons for discontinuing? Are you even entitled to know that? It's their private matter.
Fully addressed in the "if you can help it" part of my comment.
> You have no idea how entitled you behave.
I have 100% idea how entitled I behave. I don't at all. I don't use MinIO. As an employee, I push internally for relying on our own infra (but we are quite good at this already).
I don't expect open source projects to provide binaries. Well, I kinda do if they've been doing it though. Expectations vs entitlement? Not the same thing.
We're discussing human interactions and expectations here.
---
So, in your opinion, what's the point of providing pre-built binaries if you don't want others to be able to rely on them then?
As someone who develops free software in my hobbies and also as an employee, if I provide binaries for free, I 100% expect people to be able to rely on them, or I just don't do it, and I would 100% feel like I'd be causing them issues by stopping doing it on short notice. I would feel like I'd owe them explanations (and their can be valid ones I'm sure - burn out would be a hell of a valid explanation to stop working on the projects at all) if I did that. They'd not be entitled to receive the binaries from me, but they would expect it and breaking expectations is not very nice. I have difficulties seeing this another way to be honest.
Let's also recall that we are talking about a project who's business might have benefited from the adoption in the first place.
> why do you care?
I could care about nothing, but that's not what I'm on HN for. I'm curious and interested.
You can read more about my views on this stuff here if it can help understand me: https://news.ycombinator.com/item?id=45667271
Note that a CVE is not an indication that something doesn't work. In the real world, they're mostly relevant only for businesses that need something like PCI compliance. Especially for something like a storage server that shouldn't be directly exposed to the Internet. If you are a business that has some compliance obligation, you have no one to blame but yourself if you rely on others' charity to meet that obligation.
Without other elements, it's definitely not nice to stop releasing the binaries out of the blue, especially for a security fix. To me it's purely a question of breaking expectations you've built yourself (I don't mean entitlement, I mean expectations).
Now, it's indeed not the end of the world, and:
> you have no one to blame but yourself if you rely on others' charity to meet that obligation
100% agree with you on this (that's my first point in my original comment).
Building minio is not only trivial, but is standard procedure - the latest release is in my distributions standard package repo, and they would not use prebuilt binaries. If you want that dockerized, the Dockerfile is shorter than the command-line to run said container. Dealing with Docker themselves, the corporation that has famously gone on a tax collection spree, is however quite the pain in the arse for a company.
I can't stand the entitlement people (everyone, not one particular person) feel when they are provided things for free. Sure, minio is run by a corporation these days and this applies a bit more to smaller FOSS projects, but the complaint is that the silver spoon got replaced with a stainless steel one. You're still being fed for free, despite having done nothing for it.
</rant>
In this case, we're not even talking about that though, it's just a redundant prebuilt binary getting janked. I don't think it makes sense to provide prebuild binaries in the first place.
Agree. But that's not my point. If you start an oss project from scratch and you don't want to provide builds that's fine.
If you start your oss project, provide public docker images since the beginning, start getting traction, create a commercial scheme for you to monetize the project and then suddenly make a rug pull on the public builds; that is indeed irresponsible, and borderline malicious when you do it without: 1. sufficient warning time. 2. after a recent cve.
Is it malicious? I don't know. I prefer to believe in Hanlon's razor. Is it irresponsible? 100% yes.
I don't get why one they would provide prebuilt binaries in the first place, and removing them is just cleanup.
Don’t like it? Stop being a parasite and pay someone for a support contract.
Does it make you less frustrated to remember that humans are pattern recognition machines and our existence is essentially recognising and adapting to patterns, and so when someone does something repeatedly - regardless of if they're doing it for free - humans will recognise a pattern and adapt to it.
This is an inevitable consequence of coexisting with humans: if someone does something repeatedly, it creates an expectation. This is how learning works. If someone stops doing something, people are going to mention the consequences of their expectation not being met. Framing that as entitlement doesn't seem productive, especially in situations like this where it looks like the change wasn't properly communicated.
I don't think there can be a world where humans are able to learn/adapt/be efficient whilst not having expectations.
I believe there could be a world where people don't get pejoratively labelled as entitled for expressing the inconvenience caused by having functionality removed.
No. There is no valid justification, and the suggestion otherwise suggests a lack of understanding of what exactly these rude individuals are demanding.
The very least people can do when receiving such quite extensive voluntary favors and dedication from others is to be polite and show proper gratitude and appreciation. Otherwise, they are not worth the personal and uncompensated sacrifice of time (a quite non-renewable reosurce) and personal health required for the support. They are not even worth the stress or brain cycles required for communication.
(Not saying there aren't plenty of people showing appreciation - otherwise we would have given up on FOSS entirely a long time ago - just talking about those that don't)
Like I said, the fact that people are human, and that minios did a thing repeatedly, is why the expectation is there. Saying it's not justified is like saying the sky isn't justified being blue, getting upset and frustrated about it is even more silly.
There's no need for people to be rude, I agree, but I don't really see any people being disproportionately rude in their comments, especially in the context of a provider who pulled part of their provisions without fair warning.
That expectation does not entitle anybody to anything though.
> people will rely on that and will chose your software based on that expectation
That is their decision. Without any contract or promise, there is no obligation to anybody.
> You suddenly deciding that you won't be offering updated Docker images […] is approaching malicious-level actions.
I really don’t get this entitlement. “You are still doing unpaid work I benefit from, but you used to do more, therefore you are malicious.” is something I really cannot get behind.
For example:
"You are joking ?!
The commit about source only is 4 days old (9e49d5e)
We are currently paying for a license while using the open source version, you already removed the oidc code from UI console and now docker images. We are not happy by this lock-in. We will discuss this internally, but you may loose a paying customer with this behavior."
Then there are ideological reasons: Purposly trying to make the open source version sustainable.
And then reduced lockin etc. by not using Enterprise only features by accident/convenience, which leaves the door open to leave the contract.
This is true legally, but not otherwise (socially, practically)
"That is their decision. Without any contract or promise, there is no obligation to anybody."
Again, true legally, but IMHO a really silly position to take overall.
Imagine I provide free electricity to everyone in my town. I encourage everyone to use it. I do it all for free. I'm very careful to ensure the legal framework means i have no obligation, and everyone knows i have no obligations to them legally. They all take me up on it. All the other providers wither and die as a result. 15 years later, i decide to shut it all down on a whim because i want to move on to other things. The lights go out for the town everywhere.
Saying "i have no legal obligations" is true, but expecting people to not be pissed off, complain, and expect me to not do this is at best, naive.
Calling them entitled is even funnier. It's sort of irrelevant if they are entitled or not, after i put them in this position.
Legal obligation is not the only form of obligation, and not even the interesting ones most of the time.
More importantly - society has never survived on legal obligation alone.
I do not think you would enjoy living in a world where legal obligation is the only thing that mattered.
Maybe a car analogy (because they hardly work). It's like lending your car to someone everyday then stopping, then the person complains that they have no way to get around. But there is walking, biking, busses or buying your own car.
Of course the entitlement to volunteer work is also rude, and in my opinion worse.
It is more like you went around your neighborhood and turned peoples lights on in the evening, then stopped.
Sure, it’s a lost convenience, but people can easily choose to just… push the button themselves. Or pay somebody to continue doing it for them. Or get a timer.
It’s really not a big deal, and there are plenty of alternatives.
Then Minio decided to disable the feature to upgrade the lightbulb automatically, the code to update it is still there, they just don't want to do it anymore. Conveniently there is a Minio+ enterprise plan that has this feature. But hey! they tell you that you can easily set up your own server to update your lightbulb automatically. And most enterprise clients or people who have Minio lightbulbs in their office will do that.
But for single enthusiasts who don't have a server because they are just running a Minio lightbulb in their shed it's a bad situation, because if they knew this from the beginning they would have gone with another free lightbulb that updated automatically.
In short: Minio has the legal right to do whatever they want, people using minio have the right to be pissed. It's an all around bad publicity stunt and if I was a Minio investor I would really wonder why they are trying to piss off their loyal user base for a quick buck.
What keeps those enthusiasts from setting up a scheduled GitHub Action (or whatever system they prefer to use) to build the image for themselves?
How much (amortized) effort are we actually talking about here? One minute per release?
There are a lot of paragraphs in this thread laying the groundwork for this subtle strawman, but neither you nor DannyBee are addressing the real opposing position. That's the one that says there is no legal obligation and there is no social obligation. You're both treating the latter as if agreement about its existence is a forgone conclusion not in dispute. But of course it's in dispute. It's the basis of the dispute.
The point is, there is a community project, and Minio has revealed they are leaving the community. It's not illegal that they do so, any more than divorce is illegal, but it's concerning to anyone who views themselves as part of that community.
It raises a point that is it smart to join a new community that depends on the same people or organization.
Your persistent inability to comprehend this makes you look like a poor candidate for future professional collaboration. Maybe you are autistic, maybe just a shill, but it's not helping you.
A feeling of a community is not a contract. Complaining about losing that community changes nothing; and I believe that's the point GP is making.
Then I decide to stop. It doesn't really matter why, I wasn't getting paid or had not made any sort of formal agreement or promise, I just don't want to do it anymore. Now I shovel my sidewalk to the property line exactly and that's it. Hey, that's my legal obligation; I don't need to do any more! Mr. Johnson now has a lot more trouble getting out of his house; we see him a lot less. The baby is crying while new mom slips around trying to load up strollers and diaper bags and a car seat. The snowbirds just got fined by city bylaw for not clearing their walk. That dad's school trip is just a little longer, colder and unpleasant.
Hey, this isn't my fault! All those people took my effort for granted; I never promised to shovel their walks! They have no basis to judge me! But you better believe that this decision reduced their assessment that I'm a "good neighbour". Community is built mostly on implicit agreements, norms and conventions that are established through practice & conduct over time. You're arguing the right/wrong of this in the face of legal formalizations, while others are just saying it is a fact, not weighing the benefits and obligations.
So many commenters are just plain rude. They got free value for along time. Someone giving the free value decides to allocate their time otherwise. And the long-time receivers of the free value now cannot behave.
And you seem to make excuses for them...
It's just rude to behave like that after having enjoyed gifts for so long. They behave like spoiled children. Nothing to defend IMHO.
You're essentially saying that only users who contribute to OSS are worthy of attention and support. This is no different than saying that only commercial users, or those from specific countries, backgrounds, or industries are worthy of the same.
Those users who create issues, request features, and, yes, ask for support, are as valuable as those who contribute code or money. They're all part of the same community of users that help build a successful product. And they do it for free for you, because they're passionate about the product itself.
If you think otherwise then you should make your terms of service explicit by using a restrictive license and business model. OSS is not for you.
Yes, some people can be rude, demanding, and unworthy of your attention. But you make those boundaries clear, not treat all non-paying users as entitled children.
True in theory but no one has infinite time to distinguish correctly between good feature requester or bad one.
FOSS licenses already do that: they shout at you in all-caps that the authors PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED.
Meanwhile the licenses don't say anything about communities.
For better or worse, OSI convinced everyone that "open source" is synonymous with using specific licenses that meet their definition. If that's the case, then how can it be a "fundamental misunderstanding of OSS" to strictly interpret OSS by the terms of the licenses, which don't mention any sort of "social contract", while they do include language explicitly contrary to such expectations of users?
When a restaurant which you've been going to for years one day decides to serve you your favorite meal with a bit of poop on the side, do you not have the right to be upset about it? They're not under any obligation to serve you meals you're happy with. There was no contract or promise. The fact you're paying for their service doesn't buy you these rights either. Those are just the terms of service both parties have agreed to.
Similarly, open source software is much more than a license. There is a basic social contract of not being an asshole to users of your product, which is an unwritten rule not just in software and industry in general, but in society as a whole. The free software movement is an extension of this mindset, and focuses on building software for the benefit of everyone, not just those who happen to pay for it, or those who meet your specific criteria. Claiming you support this philosophy, while acting against it, is hypocritical, and abusive towards people who do believe in it. And your point is that that people who complain about this are entitled? Give me a break.
If you want to place restrictions on how your software is used and who gets to enjoy it, that's fine, but make those terms explicit by choosing the appropriate license and business model from the start. Stop abusing OSS as a marketing tactic.[1]
With this the solution becomes obvious. You select piece of technology to build on you are fully and ready to take over it for purposes you want to use for it. The code is shared and you should not expect anything more.
If there had never been an offer, they would not have built around it, and would have found another solution and, even if harder or more inconvenient, learned how to use that and built around that. Sure, no one is obligated to continue to provide them with the product, but saying that they are being unreasonable for expecting a little bit of warning time before having support pulled is a bit unrealistic.
I know we have done the metaphors to death already, but let's try another one: imagine if someone gave you a ride to work every day for years and one morning they didn't show up and you couldn't get in touch with them. You should have had a backup plan, and you shouldn't have depended on them, but it will take you a while to find a car and rearrange your schedule and learn how to drive or whatever you have to do, and all they had to do was notify you a month or two earlier that they wouldn't be able to do it anymore.
Of course there is. Which is why many hostile projects get forked.
"That is the beauty of OSS", I hear you say. And I agree, but most people aren't developers. Even those who are, might not be familiar with the technology to continue maintaining the project. And even those who are, will still need time and effort to understand the codebase at a level that they're comfortable with maintaining it. And even those who are interested in all of that, might not do a good job at it.
So, ultimately, it is a very small subset of users who would not only have the capability to continue maintenance, but would manage to do as well as the original maintainers for the benefit of the entire community.
Most people saw an interesting piece of software, gave it a try and enjoyed it, and, if the project is successful, would probably like to continue using it. When the original developer ignores or is actively hostile towards these users, you're saying that they have no right to be upset about it? That's what I find ridiculous.
Yes, some people can be demanding and annoying, but that's true regardless if they're a paying customer, a contributor, or a "freeloader". The way you deal with this is by communicating and setting clear boundaries, not by alienating your user base.
But MinIO didn't do any of that. They're still a 100% open-source project, with the proper license.
It certainly does. In the UK and many other countries (possibly not the US), as soon as you are paying for a good or service you are entitled that it is satisfactory quality, fit for purpose and as described. I think it's uncontentious that a meal at a restaurant that includes poo is not satisfactory quality. Businesses have less rights than consumers but this would still count. However, the restaurant is certainly free to refuse serving you at all (unless they're it's because of a protected characteristic e.g. because of your race or gender).
I'm not sure how much that affects your analogy since it was probably a bit too far removed from the original situation to be useful anyway.
No, it doesn't. Yes, there are general safety regulations in any country, but there are no hard rules as to what "satisfactory" or "fit for purpose" means.
My analogy was contrived to make a point. Of course serving actual feces is not "satisfactory". But I imagine that you can extrapolate my analogy into an infinite number of possibilities where someone who once enjoyed certain services or products can find them not "satisfactory" anymore. That is a commonplace situation in any marketplace, and it is perfectly valid for the person on the receiving end to be upset about it.
The one hole you can poke at my analogy, which I anticipated, is that there is (typically) no financial transaction between users and developers of free software. But my response to this is that a financial transaction is not a requirement for the social contract to be established with users of any product or service, regardless of its distribution or business model. Those users can still expect a certain level of service, and understandably so. This expectation exists whether the person is a customer or not.
A closer analogy might be a community kitchen, or garden. But it really makes no difference to my argument.
The free software philosophy is agnostic to how software is monetized. It's true that it is more difficult to do so than with proprietary software, but it's certainly not impossible. Many companies have been built and thrive on producing free software. The crucial thing, regardless of the business model, is to treat all your users with the same amount of respect, dedication, and honesty. The moment you stop doing that, don't be surprised when the community pushes back. That's on you, not on "entitled" users.
Seems like the new definition of open source is not license, not code but What I need others must do for me
> That is their decision. Without any contract or promise, there is no obligation to anybody.
Not everything is legally enforced. Open source is a social phenomenon. Why are you so surprised that these social rules are being enforced socially?
There are obligations... it's how society functions.
> I really don’t get this entitlement. “You are still doing unpaid work I benefit from, but you used to do more, therefore you are malicious.” is something I really cannot get behind.
I really don't get this entitlement. You expect that nobody should follow any social contracts and I'm sure are always surprised when people call you out for being asocial.
The GP didn't say it entitled them to anything, but that it created a sense of entitlement. You are correct there's no contractual obligation to do so, but it was likely a part of the decision to go with their solution, i.e. "they make it easy to deploy!". It is a very logical conclusion to say "they just made it HARDER THAN BEFORE to deploy".
Promises are not always explicit written permission; that's why I got in trouble for re-broadcasting major-league baseball with only implicit verbal permission (thanks, Simpsons!)
Not all shitty behavior is governed by contracts and licenses. You can be an asshole without violating the terms of a license.
I hate to break it to you, but you know the CVEs are fixed in the source code, not in the Docker Image? Just build it yourself, the good folks have even provided a Dockerfile for it.
In the end, it’s just software made available under specific terms. While I understand the inconvenience for users if things change, it feels like part of the disappointment might stem from one-sided expectations.
Recently switched from bitnami to minio here, with plenty heads up & they scheduled brown outs etc, along with legacy images to fallback on for users who don't get informed by anything until image gone
If that is Minio’s expectation, then all is good, but it seems kinda counterproductive? I never liked minio, but I certainly wouldn’t use it after seeing them remove features.
All sorts of projects remove features all the time though, even the linux kernel drops support for hardware that may or may not be in use somewhere
>Their users are entitled to get salty and go find alternative products.
People are entitled to feeling things of course, others will only point out that it may not be justified and that the user is liable to get hurt again if they never adjust their expectations to meet reality
MinIO is open source cosplay.
I wrote this back in July: https://sneak.berlin/20250720/minio-are-assholes/
They just can't stop shooting themselves in the foot that didn't even heal from last time.
The last tag with a working web UI is RELEASE.2025-04-22T22-12-26Z btw.
Company does a rug pull because they are unable to make a proper business out of it and leaves the community hanging dry.
Removing the container image build step, which was ALREADY THERE, and doing this internaly only, is the gatekeeping they are now doing.
Its like 0 effort to provide these images.
And yes pricing pages like this is always the same: You don't get any deal below 1k / month minimum because they have some pre-sales people and a payment pipeline which doesn't work for anything small or startup like.
Somehow i don't get MinIO anyway. They got over 100 Million of investment for an S3 system. Its basically a done product. Its also a typical 'invest once build it once, keep it running' thing which can easily be replicated with a little bit of investment from other companies.
I have no clue how they ever got valued over 100 Million.
I love it when entitled folks both expect to use someone else's work AND immediately downplay someone else's effort (no, I am not affiliated with Min.IO, just saying if you are scared of building a docker image yourself, maybe you should not downplay someone else's effort).
I'm also not 'entitled' because i'm doing this for another open source project we are now maintaining.
Just to be clear: THEY already have to maintain the docker image and it makes it less secure for EVERYONE if the community now needs to either find a new github repo/company building it for them or everyone has to build it themselves because they do not trust random companies.
There is a difference between having the official Min.IO image with a stamp of approval vs. forked repos with their version of the same image. The only thing fixing this kind of issue is a fingerprint and build caches.
They are removing the official container images because 1. this is the magic source of running your software in helm charts etc. so now you need to act 2. in some companies you are not allowed to use random container images
And you are complelty ignoring my arguments. Its not entitlement if a companies product becomes the industry standard due to Open Source and then doing a rug pull like this.
Correct, and that's the most worrying aspect.
Wrong - it would be less secure if they did not share the source code and the Dockerfile along that too. As long as you take care to regularly update, where is the problem?
So i setup everything to do this on my github with their code and publish it on my package.
And you don't think this is stupid?
The problem is the critisim how they act and even if they release everything and its just building the image, you can't trust another source to upload the image someone else has build with this file. So now everyone has to build the same image.
Building a quality production ready image is not trivial, and it's always welcomed from the vendor.
While this is true, in all of these discussions, somewhere the notion of responsibility often gets lost.
If you publish a project, encourage people to use it, promote it heavily, etc, then get lots of users, and then decide to kill it, while it's true you legally owe nobody anything, it's sort of crazy to claim people are acting entitled when they complain.
After all, you encouraged people to use it and promoted it!
Again, do you legally owe them anything? Nope.
I am much more empathetic towards those who get surprised by the growth of their projects, or otherwise didn't try to make their project popular and decide to quit when it becomes too large too quickly and becomes a burden.
In general, if you try to encourage lots of people to use or do something and succeed at that, you end up with various forms of social responsibility to those people. That's true in most things, not just open source.
Open source does not get a pass at this social reality simply because, as a legal reality, those users are not owed anything.
Talk is cheap. People will complain about something they’re not legally entitled to because there’s no downside, only an upside if the company backtracks.
In the background they are probably creating tickets to mitigate the risk if the complaining doesn’t work. It’s perfectly rational.
I don’t understand the people who don’t understand this.
But this attitude is too far the other way. Fair enough, you are under no obligation to continue providing a free service. But isn't it fair to give a bit of notice before withdrawing it? Especially after doing it so consistently for so long. Not legally required, sure, but polite.
They haven't even given notice after withdrawing it! They just waited for someone to realise and ask about it.
Bear in mind that many paid for services, on a subscription basis, technically allow the seller to change (i.e. reduce!) the service at any time. If they act in bad faith to their free tier, what should you expect about their paid tiers? You could argue you also shouldn't be using paid services that could behave that way but I think you'd struggle not to.
MinIO is a commercial company that provides some open source components and some paid components and services.
This meme where nobody is allowed to be unhappy with anything when the phrase “open source” is involved is getting old. In the span of two paragraphs your comment discovered why this is frustrating people: They have been providing certain things in the open source leg of their operation and then yanking them and stuffing them under a very expensive commercial leg later, after people have begun using them.
Being upset about that is reasonable and understandable, even if it triggers some of the people who believe “open source” means nobody is allowed to be unhappy with anything, ever.
The community that made them is being shit on.
Every time I read something like this, I recall this post from Rich Hickey[1][2] on why no one is entitled to benefit from another human being's goodwill and time.
From the post:
> The only people entitled to say how open source 'ought' to work are people who run projects, and the scope of their entitlement extends only to their own projects.
> Just because someone open sources something does not imply they owe the world a change in their status, focus and effort, e.g. from inventor to community manager.
[1] - https://gist.github.com/richhickey/1563cddea1002958f96e7ba95....
People are complaining because something was available, they adopted it, then it was discontinued. Apparently with little warning, and after they'd been encouraged to adopt it by the provider of the images.
As it happens, I agree with the general idea that if folks are not paying for the convenience of builds, then it's on them to work from source. However, it's better IMO if a vendor or project start from that position rather than what's seen as a rug-pull.
Of course, it's part of the playbook: when something is new and not widely adopted, the vendor goes to great effort to encourage adoption -- then the vendor starts looking at the paid vs. free usage and sees "huh, we have a 10000:1 ratio of paid to free users, including ten megacorps that show up grabbing binaries every 10 minutes for their CI/CD farm, and asking questions in our forums, but aren't paying a penny toward development and our investors are getting pissy."
The company I work at spun up a MinIO instance, and we got hounded by MinIO lawyers claiming we had to pay because "hosting MinIO alters the source because of injecting configuration" and therefore violates their open source license.
There have been multiple hacker news threads about this:
1. The MinIO image on Docker Hub has more than a billion downloads [^0]. With those download counts, people have almost certainly written scripts that rely on this image existing (including their own Dockerfile! [^1]). Them leaving these images around is just asking for security breaches later down the line.
2. Fortunately, MinIO is a Golang app and can be built with a simple "go install" (though the build instructions in their docs don't align to the build recipe in their Makefile [^2]). However, they could pull a Tesla and make the source that they publish differ from the source that their binaries are built from.
3. They gave NO notice. That's the slimiest part of all of this. Tens of thousands of Kubernetes clusters, and handfuls of enterprise products, run or package MinIO that are now using images that will no longer be updated. All of these people will need to completely change their toolchains to account for that, and soon. That's just not a kind thing to do.
[^0] https://hub.docker.com/r/minio/minio/tags
[^1] https://github.com/minio/minio/blob/master/Dockerfile
[^2] https://github.com/minio/minio/blob/master/Makefile#L179
At least that's all we use it for really
Turns out most file systems are horrible key-value stores.
Adopting Ceph is adopting a Ceph engineer, any use-case with the need and funding to run Ceph on production would easily be able to pay for commercial licenses and/or contribute majorly to this or their own fork. They work in different ball-parks entirely
I was okay with not having support because I am not part of their customer base. I was okay with not having the webUI, though I wish they made an option where the webUI would be available for some basic-tier paid customers. But I can not be okay with this move. They are just giving the finger to all the community. They never tried to work out a solution that could let smaller users to contribute or support.
I will seriously have to consider moving to Hetzner object storage.
STOP ABUSING OSS AS A MARKETING GIMMICK.
Or perhaps an advice to people who might actually listen: stop being attracted to open source projects because of the word "open", and because you can use it gratis. There are plenty of good proprietary and commercial software whose authors treat their users with more respect than these leeches of good will and abusers of trust.
I'm not against OSS being commercialized. In fact, I think that it's crucial for maintaining a healthy project in the long-term[1][2]. But this lingers on the developer having respect and equal regard for all their users, regardless of how much they're paying them. Yes, nobody working on software should be expected to work for free. But there is a philosophy behind this movement that goes beyond a financial transaction. It only works if everyone in the ecosystem is honest, and first and foremost has the intention of making the world a better place for everyone, by not only depending on others who have this mindset, but by adopting it themselves. Claiming to be part of the OSS community, but being hostile to your OSS users is dishonest at best, and worthy of all criticism.
In general, applying this to anything with the general public, I don't expect it to work. This is why we have laws, licenses and rules in the first place. You can preach all you want but it won't change humanity, you need something concrete, something written and agreed, like a license.
Not all licenses protect the freedoms and rights you're used to in other licenses, and it needs to be taken into account when adopting any project. License terms that don't guarantee any sort of support or updates when you need them aren't in consideration at that point.
You can't claim to provide software as a public good, while also gatekeeping it only for specific groups of people. If you want to do that, then choose a restrictive license, with the exact terms of use you're comfortable with, and don't work in the open to begin with. That is a valid strategy if your main priority is getting paid.
My objection is towards people who use OSS licenses, but then take issue when others actually use the freedoms they've granted, and proceed to enshittify the project by removing features, putting them up behind a paywall, and in general being hostile and ignoring the user base they've gained in large part thanks to OSS. This is using OSS as a marketing tactic, which undermines the whole point of open source and the free software movement.
We use MinIO (community edition) a fair amount. And while we like it, it is also becoming increasingly clear that our days of deploying are numbered.
We want to start experimenting with Garage for smaller deployments, and would be interesting to hear of any production experiences there. (Anyone done multi-PiB deployments?)
Other than that we're going to start looking at Ceph/Rook for larger deployments.
seriously, minio sucks perf wise but they really did a good job making it easy to deploy with docker
I think this would be better: "MinIO stops distributing free Docker images"
---
See also the relevant README section: https://github.com/minio/minio?tab=readme-ov-file#source-onl...
Thanks tomhow!
I don't see the problem in either case. For a Gentoo user, it changes nothing.
While I understand the frustration with MinIO’s approach here, I want to be upfront about what Cloudian HyperStore is and isn’t - it is designed for multi-node, multi-site deployments (think 3+ nodes minimum) and performs best on bare metal or dedicated infrastructure rather than containerized environments.
It’s a very mature S3 and offers IAM, SQS and STS endpoints as well.
If you’re running MinIO at scale in production and looking at migration options, I’m happy to connect you with our team who can discuss whether HyperStore makes sense for your use case. That said, for single-node dev environments or lightweight deployments that many here are using MinIO for, the community alternatives mentioned in this thread are probably better fits. Different tools for different scales. Happy to answer any technical questions about HyperStore’s architecture if helpful.
I was reading the github discussion and found out that coollabs has taken on the decision to make docker images for these.
https://github.com/coollabsio/minio
https://github.com/minio/minio/issues/21647#issuecomment-342...
>Until we (the community) figure out something, I made an automated docker image version here: https://github.com/coollabsio/minio
The latest release is already available on ghcr and on dockerhub for amd and arm.
Well they have locked the discussion right now it seems but hope the community does something since my brother once asked for how to store audio and I thought that something like S3 could be perfect for it and wanted him to use minio or check it out.
Idk what I will recommend now? Garage? Seaweedfs?
Seriously, what is the rage here, anyone could do this.
Especially because they haven't provided any reasoning for this decision, so everyone assumes the worst. I can't really think of any reason for this that puts them in a positive light either, can you?
This was the first person after so so many comments to actually do something about it, and he's from coolify which can be decently trusted with.
Everybody likes to rant and the dislikes on github issues show but I just respect the guy for even taking his time to write this.
Sure you can try to reduce it to LOC or anyone can do this, but did you?
Also there is a trust factor, I can trust coolify's docker image as compared to any other people.
It does not actually solve the trickiness of managing large storage but relies on the backend (that is usually fs like zfs in small setups).
However, seems to be quite new project plus the risk, that the owning company takes it to bad direction, is there too.
The great thing about open src is the ability to walk away. removed features in new release? fork and put it back. quit complaining and be the change the world needs you to be
Can't emphasize on it enough but I trust the coolify team enough. Lets all jump to this ig
There are people who are being the change they want to see, thanks coolify team.
You don't even need to fork the project, you can just extend / distribute
What's not cool is not pushing a fresh Docker image to secure the CVE, leaving anyone using Docker hanging. Regardless of the new policy, they should have followed through and made the fix public on all distribution channels. Leaving a known unsafe version as the last release is irresponsible.
I think they should have done a better job of announcing this ahead of time (or at all, really); but there's realistically never going to be a CVE-free release to stop on, because the next CVE is just around the corner.
From their Slack on Oct 10:
"The documentation sites at docs.min.io/community have been pulled of this morning and will redirect to the equivalent AIStor documentation where possible". [emphasis mine]
The minio/docs repository hasn't been updated in 2 weeks now, and the implication is that isn't going to be.
Even when I set up a minio cluster this February, it was both impressively easy and hard in a few small aspects. The most crucial installation tips - around 100Gb networking, Linux kernel tunables and fault-finding - were hung off comments on their github, talking about files that were deleted from the repository years ago.
I've built a cluster for a client that's being expanded to ≈100PB this year. The price of support comes in at at slightly less than the equivalent amount of S3 storage (not including the actual hosting costs!). The value of it just isn't that high to my client - so I guess we're just coasting on what we can get now, and will have to see what real community might form around the source.
I'm not a free software die-hard so I'm grateful for the work minio have put into the world, and the business it's enabling. But it seems super-clear they're stopping those contributions, and I'd bet the final open source release will happen in the next year.
If anyone else is hosting with minio & can't afford the support either :) please drop me a line and maybe we can get something going.
Almost certainly not, due to the AGPL license. I know Nutanix got into hot water about distributing Minio so I don't think any big shop will fork it.
This is after MinIO asserted that Weka had also stolen their AGPL-licensed code, showing that they extracted binaries from the distribution. They forgot that that 3-month old (unmodified) version was still Apache licensed though.
MinIO generally don't seem to consult lawyers often. They haven't even set up copyright assignment / CLA immediately after switching the license, so technically they are also incapable of selling AGPL license exceptions just like everyone else.
I've done my best to keep MinIO away from most infra I manage, not because of legal concerns but because it was kind of obvious they'd eventually go full scorched earth and either drop images or the source code distribution all together. Maybe now we can all move on to a fork, or SeaweedFS, or Ceph, or literally anything else.
Funnily enough, such action is outside of their paid product's EULA.
that's why you'd be pissed.
People gotta eat. If someone's making valuable tools and giving them away, they still need to get paid somehow. If people aren't voluntarily tipping them enough, then something's gotta give.
There have been too many stories of open source developers basically burning themselves out for years, then it comes out that they're barely scraping by and can't take it anymore.
No one is saying people can't charge for their work though.
Unfortunately, the minio devs seem to have fallen into the common trap: make a great OSS project that works and that everyone likes, give it away for free, not know how to make money from it, and then start making user-hostile moves that piss off your users to try to make them customers - and who, surprisingly, do not want to be customers now that you've pissed them off.
It starts to feel more like a protection racket. You've got some great features here, would be a shame if something happened to them. Oh no, your docker containers! Oh, that's a tragedy what happened there, but you know, accidents happen.
giving a wrench to someone where you charge based on usage should be something that is agreed upon up front, not at some point later, after a rug is pulled out from under the customer.
It's fine to change your mind, but doing it in this way doesn't build goodwill. It would be better if they made an announcement that they would stop creating/distributing images on some future date; I'm sure that would also be poorly received, but it would show organizational capacity for continuity.
If I'm considering paying them for support, especially at the prices quoted elsewhere in the thread, I need to know they won't drop support for my wacky system on a whim. (If my system wasn't wacky, I probably wouldn't need paid support)
One is obviously knowing what you can add-on that people will pay for; support, for one, but people want more features too. What could minio have built on top of their product to sell to people? Presumably some kind of S3-style tiered storage system, replication, a good UI, whatever else, I'm not sure.
The second is getting people to actually know that that's an issue. I work for Tigera which publishes the Calico CNI for Kubernetes, and one of the biggest issues we have is that people set up Calico on their clusters, configure it, and then just never think about it again. A testament to the quality of the product, I'm sure, but it makes it difficult to get people to even know we have a commercial offering, let alone what it is and does and why it might be beneficial.
I could see the same thing for Minio; even if they have a great OSS product, a great commercial offering on top of that, and great support, getting people to even be aware of it in the first place is going to be a huge challenge and getting people to pay for it is even harder.
It's sad that they went the completely wrong direction and started taking things away from the community to force people to the commercial side of things whether they're willing to pay or not.
What I'm learning from this is to provide basically zero support from the outset and let it grow organically if I ever build a business on an open source product. As soon as you stop supporting anything for free someone feels entitled to it.
https://github.com/rustfs/rustfs?tab=readme-ov-file#rustfs-v...
comparing RustFS to MinIO, including a claim about the MinIo support price.
late stage capitalism arrives when people create businesses solely to get rich, and when other companies are created solely to get rich by helping those people create their companies so that they can get rich. that's what ycombinator is.
most of capitalism used to be symbiotic. engaging in transactions with businesses benefited both the business and the consumer.
now we live in a world where most or all of the benefit goes to the business and none or almost none to the consumer.
That's absurd. I would be running to NetApp and Dell for competitive object storage quotes then. Haven't done pricing on either one recently but at least a few years ago they were roughly half the price of S3 all in (including hosting costs).
That seems to be the key word.
One camp argues: Expect nothing. Move on.
The other: Could they - with very little effort (reasonable) - have choosen a more palatable route.
There must be a middle ground between the nihilists and the pampered.
https://github.com/golithus/minio-builds
Example use:
docker run -p 9000:9000 -p 9001:9001 ghcr.io/golithus/minio:latest
I see both sides of the argument here, the people maintaining minio should not have to push docker images for free, it is work to maintain and test, especially across all the host platforms. And, this work isn't that complicated if you want to do it yourself.
https://github.com/golithus/minio-builds/blob/main/Dockerfil...
And it is very true. Although the binary does also need building, which is also handled in the above actions workflow.
I don't. It's automated, it needs approximately zero attention. This is just a company that got where it was benefitting from open source taking the free toys away thinking there'll be profit in it.
In addition your favorite Linux distribution probably has it as from-source builds already.
For a container image you could try making one from Alpine or Wolfi.
It's built using Rust and React Router.
Just playing around with it
https://render.com/docs/deploy-minio
Hopefully this will finally push Render to build their own S3 wrapper.
Sure, just like nobody owes minio goodwill or business. People sour on these kinds of things because they feel sneaky and backhanded. It tells you something about the kind of people you're working with.
Imagine if a food kitchen suddenly started charging for the food, without notice. Or they started charging to use changing rooms in clothing stores. Etc, etc. You'd, rightly, expect a negative reaction, even if the "food kitchen doesn't owe anybody anything".
The biggest misstep in these situations is the corporations avoiding being honest and communicative about why the changes are suddenly necessary. We all know, intuitively, that in most cases its because it's not for a good reason. It's because they are greedy or otherwise feel pressured to show infinite growth.
But if anyone wants to run their own file storage(so not a client), there is https://github.com/seaweedfs/seaweedfs
Anyone relying on an opensource tool like minio, needs to look at:
* organization supporting it
* the license
* the build chain
* who else uses it?
* the distribution artifact needed for production.
If the org behind it ever decides to rugpull/elastic you, what're you gonna do? At least with something like minio, if they're still distributing the source it's trivial to build (and if you can't build it you should evaluate if you're in a position to rely on it).
Let's look at other cool open source things like SigNoz which distribute only docker artifacts (as far as I remember, anyhow) -- if they were to rugpull that people relying on it would be totally lost at sea.
This isn't to say that this isn't poor behavior on minio's part, but I feel like they've been signaling us for a while that they're looking to repay their VC patrons.
I love it that you use "elastic" as a verb here.
Overall, it's pretty clear that they don't view the OSS users kindly or want them around. I'm pretty sure that they would drop the entire community edition if they could do so legally and without much fuzz. You can expect more like this in the future. So this story shouldn't be seen simply as the loss of a docker image.
They don’t owe you anything.
THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM *"AS IS"* WITHOUT WARRANTY OF ANY KIND
I personally think this is a better option than migrating from an open source license to a source available and I would like more project adopt this approach from the beginning of their projects, to set people's expectation right.
The license establishes the limits of legal requirements and responsibilities. It doesn't shield you from criticisms and people being annoyed with you.
1. MinIO is a business and they don't owe anything to anyone for free. 2. People using the OSS version also are free to express their dissatisfaction.
This is not contract law though. This is about using OSS as a marketing gimmick to get mindshare, penetrate the market and then do a bait and switch.
From one hand, it is within their right to do whatever they want as marketing. From the other hand, we as the community should be more aware of OSS as marketing vs OSS as we would like to see it.
There is a damage to the community however: this erodes trust in OSS companies, so just like "content marketing" or "influencers" or any other type of marketing, after a while it loses its effectiveness, to the detriment of real "content", real "influence" and real "OSS".
> 1. MinIO is a business and they don't owe anything to anyone for free.
I don't think MinIO discontinuing the free docker image is really the problem here. Creating and distributing such images cost them practically nothing - either in infrastructure costs or in HR costs. If they find it that difficult, they only need to say it. Either the community or another company will gladly take it up for free. Even other cloud projects have alternative distributions like Bitnami builds.
The real issue is the pattern of behavior that this move exposes. They seem to have removed the web UI from the community edition claiming that it's hard to maintain (another thing the community would have gladly taken up if they were informed). They also stopped updating the community documentation. And these largely escaped attention until the docker build was discontinued. That itself is controversial since much effort wasn't spent in letting the users know that their current image was going to suffer bitrot indefinitely. Apparently there was also a CVE which was fixed in the source. They didn't consider it necessary to at least push the fixed container as a final measure.
All these are certainly hostile and unkind towards the community and it's bordering on dishonesty. They didn't lie. But neither did they do the bare minimum expected when taking such a drastic measure. It's clear that they're withdrawing their generosity for more profits after gaining a lot of mindshare with their earlier offering. I don't believe that the docker image alone would have inflamed the community so much.
For VC-backed companies -- or anything else where it's spend now, profit later -- the bait-and-switch is practically inevitable.
(Or, of course, the company can simply stop contributing, either from going out-of-business, or pivoting, or being acquired, etc.)
If you're considering building long term on oss from a for-profit company you should count on having to pay in the future. You should believe you have a decent understanding of their business model so you have an idea of how much you might need to pay. Of course that's usually very difficult for VC-backed "spend now, pay later" companies, so you might be best off avoiding them for anything long-term or foundational unless you think you can bear to switch, possibly on short notice.
they dont learn anything after redis case are they????
This move can’t be anything else other than malicious.
The community is having an outrage - and rightfully so - about a silently discontinued artifact delivery at a very critical time. Which is their opinion and every human being is entitled to have their own opinion and state it openly.
It is also perfectly fine to expect a standardised behaviour to continue.
However, what is most important is that is perfectly fine to shame an open source product for pulling features and money grabbing people after years of gathering community and locking them in.
If you are denied this possibility — it is much easier just to use S3.
You are a farmer, not a big fancy profitable one. Your tractor is from 1970 and works great, when it works. Your wife has health problems and can't really help out around the farm much - kids have gone off - so you just do things mostly by yourself. With your lucky dog Skip by your side. Even though times are tough and money ain't coming in like it used to - you still give free produce to the local schools and shelters. You've been doing it for over 20 years, and the community loves you for it.
But then your wife passes. Medical bills are too high. You can't give away free produce to the local schools anymore.
The community is outraged. They come to your farm with pitchforks. They set your barn and fields on fire.
This is kinda what this thread feels like lol.
If you need just the interface for dev environment, I am sure Claude can cobble it together in 1 day.
This seems like a maneuver of a dying company.
Why didn't YC invest in such a great product?
We need a healthy way to support open source developers. This isn't working. Companies are taking advantage, and individuals are overwhelmed with choice and have delusional expectations.
jeroenhd•7h ago
Based on promises alone, I think that means they un-dropped the open source project but still only distribute the binaries to their customers.
[1]: https://github.com/minio/minio/commit/9e49d5e7a648f00e26f224...