Object storage software vendor MinIO’s CFO Garima Kapoor claims Nutanix is breaking the terms of its open-source license.
Update: Nutanix provides expanded statement responding to MinIO’s allegations. 21 July 2021.
Kapoor reckons the Nutanix Objects software, introduced in 2018, is built around MinIO object storage. This has not been disclosed to its users, which puts Nutanix, she says, in continued violation of the Apache v2 license and, she believes, the GNU AGPL v3 versions of MinIO.
“For the past three years, we have tried to resolve the license compliance issues in good faith discussions with Nutanix. However, we have not made meaningful progress,” she writes.
“We have informed Nutanix that we are terminating and revoking any license or sublicense under Apache v2 and the AGPL v3 in accordance with the terms of those licenses.” In other words, MinIO is saying Nutanix no longer has the right to distribute its object storage software.
To hammer that nail home more firmly: “We have requested that Nutanix stop the copying and redistribution of any forked software where they have failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses, to its customers.”
From now on, customers using Nutanix Objects “may not be on the latest version of the MinIO Object Storage Software, and… may not be receiving adequate IP licenses from Nutanix” with potenital but undefined legal and security risks.
MinIO backs up its claim by showing how to reveal Nutanix’s use of MinIO software:
- 1. Creat Nutanix Object Store from their UI
- 2. SSH to MSP: nutanix@PCVM:~$ mspctl cluster ssh <cluster_name>
- 3. Attach to the object controller pod using the command: kubectl exec -it object-controller-0 — bash
The screenshot above shows the MinIO object storage server binary in Nutanix’s object controller pod. Kapoor says: “Nutanix just put a wrapper around a modified version of the MinIO binary inside their object storage platform. Nutanix also did not disclose the usage of MinIO in their Open Source Disclosures or EULA to their customers.”
This is, on the face if it, a disagreement that could be ended in minutes by Nutanix fulfilling the Apache v2 and GNU AGPL v3 license conditions as MinIO desires. Why it has not done so and held up a resolution of this argument for three years is hard to understand. Surely it does not want to appear to be deceiving its customers.
Back in November 2019, we wrote: “Nutanix Buckets S3 adapter software is based on the open source Minio software stack, as this Nutanix document explains.” The link to the Nutanix document now elicits a “Sorry. This page does not exist yet” response.
We asked Nutanix to comment. A spokesperson told us: “Nutanix has a long history of openly documenting our architecture in the freely available Nutanix Bible, and we’re committed to open-source software and stewardship of the open source community, actively participating in various projects. We are surprised by the list of allegations, but we take any allegations seriously and are looking into these claims.”
We have read the Object Services part of the Nutanix Bible and can find no reference to MinIO there.
A second Nutanix statement said: “Nutanix strives to implement unique features and innovative capabilities to delight our customers. In doing so, we recognize the value of the open source communities and take our participation and stewardship very seriously.
“With respect to some recent allegations in a blog that we may have used software in possible violation of an open source license in our Objects product, please note that Nutanix stands behind our products, including any open source that we incorporate into them, and commits to indemnifying our customers against intellectual property claims arising out of the use of our products, should the need ever arise.
“We will be reaching out to engage with the blog’s author promptly and will continue to update the community here.”