On July 19th, MinIO revoked Nutanix’s Apache v2 license to MinIO’s object storage suite due to violations of that license. This is an update to that post.
Nutanix admitted they violated MinIO’s Apache 2 license. The open source movement depends on the protection of intellectual property to ensure freedom for all the users. Nutanix’s behavior in this matter is concerning.
The Nutanix blog claims the notice failure was “inadvertent.” We informed Nutanix in December of 2019 that they were lacking the appropriate attribution.
During the intervening years, Nutanix actively misled industry and financial analysts, telling them they were no longer using MinIO code. This allowed them to participate in things like the Gartner Magic Quadrant, IDC Marketscape and GigaOm Radar - evaluations they would have otherwise been excluded from.
Nutanix claims that they only use “a limited set of MinIO components” which is “just non-data path components.” We would ask the following: if their usage is limited to just a few components, why is the entire MinIO binary present in the Nutanix Objects code? If the “limited set of MinIO components” is so small, why not just remove them?
Something doesn’t add up.
MinIO has revoked the license to Nutanix. We did so on July 19th. We fully expect that the entirety of the binary including the “limited set of MinIO components” will be removed from the Nutanix Objects code completely. Until then, Nutanix should not distribute any Objects product containing our code.
Furthermore, Nutanix customers should know that their existing code is unlicensed and they should check their indemnification clauses. Nutanix customers should also check their security exposure. Despite assurances otherwise, there are and will continue to be security advisories. These security issues are fixed in the AGPL v3 code; we cannot speak to how Nutanix addressed them in the Apache v2 code. Customers should be asking questions.
We are committed to defending the open source model. We fully expect that Nutanix will comply with the request to remove all MinIO software from their products.