Nutanix Objects Violates MinIO’s Open Source License
MinIO is the creator of MinIO Object Storage, an open source object storage platform. We strongly believe in keeping our software open source - the best quality software is made with community collaboration, so people are free to innovate and improve. Open source licenses are essential to ensuring people know where their software comes from, and can keep it secure through transparency. It also guarantees basic freedoms of use and distribution.
Sometimes companies threaten the open source model by violating open source licenses and failing to provide IP guarantees and source identification to their users. We are disappointed to have to call out Nutanix, but we must protect MinIO users and ensure they understand the rights they are owed by Nutanix.
Nutanix Objects is built around MinIO object storage. Since its introduction in 2018, Nutanix has been distributing MinIO as part of their software stack, but has not disclosed it to its users. Nutanix has been in continued violation of the Apache v2 and we believe they may also be in violation of the GNU AGPL v3 versions of MinIO.
For the past three years, we have tried to resolve the license compliance issues in good faith discussions with Nutanix. However, we have not made meaningful progress. As a result, we have informed Nutanix that we are terminating and revoking any license or sublicense under Apache v2 and the AGPL v3 in accordance with the terms of those licenses. Further, we have requested that Nutanix stop the copying and redistribution of any forked software where they have failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses, to its customers.
If you are a customer of Nutanix Objects, there may be legal and security risks you should be aware of as a consequence of these license violations. You may not be on the latest version of the MinIO Object Storage Software, and you may not be receiving adequate IP licenses from Nutanix.
Imitation is the most sincere form of flattery. While we are complimented that Nutanix built huge portions of its product offerings around our software, we owe a duty to MinIO users to inspect and seek to remedy license violations wherever we find them.
Here is how we found the evidence of MinIO distribution and usage inside Nutanix Objects in the field:
1. Created Nutanix Object Store from their UI.
2. SSH to MSP:
nutanix@PCVM:~$ mspctl cluster ssh <cluster_name>
3. Attached to the object controller pod using the command:
kubectl exec -it object-controller-0 -- bash
The minio object storage server binary was found in their object controller pod as shown in the screenshot. Nutanix just put a wrapper around a modified version of the MinIO binary inside their object storage platform. Nutanix also did not disclose the usage of MinIO in their Open Source Disclosures or EULA to their customers.
Ultimately, this is about innovation. MinIO continues to innovate in the space and we have worked tirelessly to create the best object store on the market. We are proud to defend that work.