Skip to ContentSkip to Footer
IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
News

Nutanix accused of violating open source licence in object storage product

MinIO claims it has tried and failed to resolve the issues with the company for three years

by: Connor Jones
21 Jul 2022
Nutanix building in front of a blue sky

Shutterstock

Enterprise cloud and storage company Nutanix has been accused of violating its open source licence by object storage platform MinIO.

MinIO said Nutanix failed to provide IP guarantees and source identification to its users, flouting a core principle of the open source model.

“Nutanix has been in continued violation of the Apache v2 and we believe they may also be in violation of the GNU AGPL v3 versions of MinIO,” the company said.

Garima Kapoor, co-founder and COO at MinIO, clarified the accusations further in a post on Linkedin, adding that “Nutanix has failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses.

“Stripping off license headers on purpose to pass innovation from a start-up and showcasing it as their own is a willful infringement and more important against business ethics,” she added.

As a result, MinIO has revoked Nutanix’s licence or sublicence under Apache v2 and GNU AGPL v3,” it said in a blog post.

MinIO also claimed that it had been in discussions with Nutanix for three years, trying to resolve the compliance issues in good faith, however the company “has not made meaningful progress”.

The company said open source licences are critical for helping users understand from where their software originates, while also helping to improve security through transparency.

“It also guarantees basic freedoms of use and distribution,” said MinIO.

Related Resource

Storage's role in addressing the challenges of ensuring cyber resilience

Understanding the role of data storage in cyber resiliency

Whitepaper cover with title over a grey rectangle with header graphic and ESG logoFree Download

“We are disappointed to have to call out Nutanix, but we must protect MinIO users and ensure they understand the rights they are owed by Nutanix,” it added.

Nutanix told IT Pro that the company recognises "the value of the open source communities and take our participation and stewardship very seriously".

"With respect to some recent allegations in a blog that we may have used software in possible violation of an open source license in our Objects product, please note that Nutanix stands behind our products, including any open source that we incorporate into them, and commits to indemnifying our customers against intellectual property claims arising out of the use of our products, should the need ever arise.

"We will be reaching out to engage with the blog’s author promptly and will continue to update the community here," it added.

MinIO alleges that Nutanix has been distributing its object storage technology throughout the Nutanix Objects stack since its introduction in 2018, but has not disclosed this to its users.

Updated earlier this month, the documentation for Nutanix Objects does not mention MinIO and accessing the details of the product’s associated open source licencing requires a Nutanix customer login.

What MinIO's investigation found

MinIO published its step-by-step method of discovering the evidence to support its allegations.

  1. The company created a Nutanix Object Store from its UI
  2. Entered an SSH to MSP command:
    nutanix@PCVM:~$ mspctl cluster ssh [cluster_name]
  3. Attached to the object controller pod using the command:
    kubectl  exec -it object-controller-0 -- bash
Screenshot of the terminal used by MinIO to determine the open source license violation

MinIO

MinIO said its object storage binary was found in the Nutanix object controller pod and can be seen in the screenshot above.

“Nutanix just put a wrapper around a modified version of the MinIO binary inside their object storage platform,” MinIO said. “Nutanix also did not disclose the usage of MinIO in their Open Source Disclosures or EULA to their customers.

“Ultimately, this is about innovation,” it added. “MinIO continues to innovate in the space and we have worked tirelessly to create the best object store on the market. We are proud to defend that work.”

MinIO advised Nutanix Objects customers to assess their exposure to legal and security risks since they may not be on the latest version of MinIO Object Storage software and may not be receiving adequate IP licences from Nutanix.

Featured Resources

ZTNA vs on-premises VPN

How ZTNA wins the network security game

Free Download

The global use of collaboration solutions in hybrid working environments

How companies manage security risks

Free Download

How to build a cyber-resilient business ready to innovate and thrive

Outperform your peers in your successful business outcomes

Free Download

Accelerating your IT transformation

How Cloudflare is innovating for CIOs to start 2023

Watch now

Recommended

Organisations are scaling back their open source software due to security fears – Anaconda
open source

Organisations are scaling back their open source software due to security fears – Anaconda

15 Sep 2022

Most Popular

Tech pioneers call for six-month pause of "out-of-control" AI development
artificial intelligence (AI)

Tech pioneers call for six-month pause of "out-of-control" AI development

29 Mar 2023
Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
3CX CEO confirms supply chain malware attack
malware

3CX CEO confirms supply chain malware attack

30 Mar 2023
Skip to HeaderSkip to Content