Hyperconverged system platform vendor Nutanix has said sorry to MinIO for not fulfilling the terms of the Apache v2 license with its use of MinIO open source software in the Nutanix Objects product.
This was triggered by a public complaint from MinIO earlier this month when CFO Garima Kapoor said Nutanix was in violation of the Apache v2 license and, possibly the GNU AGPL v3 license as well, with its adoption of MinIO code. The two companies were in discussions over this for 3 years, with no satisfactory outcome for MinIO, hence Kapoor’s public message.
Nutanix told us last week it was “surprised by the list of allegations” and was “looking into these claims.” That inquiry is now complete.
Jennifer Massaro, Nutanix corporate communications VP, mailed a Nutanix statement to us. It said that: “During our inquiry, we discovered some inadvertent omissions in Nutanix Objects’ open source attribution and notices required under the Apache 2.0 license. For this, we are sorry and are committed to doing a better job of complying with the Apache notice and attribution going forward.”
Nutanix said the internal probe confirmed it only used MinIO code licensed under the Apache 2.0 license and not any of the MinIO code licensed under AGPL v3.
The company’s statement added: “We have made updates to the technical information in the Nutanix Bible and, to comply with Apache attribution and notices, have ensured that the attribution notices are immediately available in our Objects Documentation. We will also be including the updated attribution and notices in the next release.”
“Nutanix Objects is built using a combination of organic innovation and leverage of open source components including a limited set of MinIO components, and we have reduced the use of MinIO even further to just non-data path components over the past year.”
It wants customers and the public to know that: “software developed either in-house or by open source inclusion undergoes the same security oversight and review level at Nutanix. All products, and their respective components, are subject to our Security Development Lifecycle (SDL) as well as regular penetration testing and review to deliver the security our customers expect and deserve.”
We have asked MinIO for comment.
