IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Nutanix accused of violating open source licence in object storage product

MinIO claims it has tried and failed to resolve the issues with the company for three years

Enterprise cloud and storage company Nutanix has been accused of violating its open source licence by object storage platform MinIO.

MinIO said Nutanix failed to provide IP guarantees and source identification to its users, flouting a core principle of the open source model.

“Nutanix has been in continued violation of the Apache v2 and we believe they may also be in violation of the GNU AGPL v3 versions of MinIO,” the company said.

Garima Kapoor, co-founder and COO at MinIO, clarified the accusations further in a post on Linkedin, adding that “Nutanix has failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses.

“Stripping off license headers on purpose to pass innovation from a start-up and showcasing it as their own is a willful infringement and more important against business ethics,” she added.

As a result, MinIO has revoked Nutanix’s licence or sublicence under Apache v2 and GNU AGPL v3,” it said in a blog post.

MinIO also claimed that it had been in discussions with Nutanix for three years, trying to resolve the compliance issues in good faith, however the company “has not made meaningful progress”.

The company said open source licences are critical for helping users understand from where their software originates, while also helping to improve security through transparency.

“It also guarantees basic freedoms of use and distribution,” said MinIO.

Related Resource

Storage's role in addressing the challenges of ensuring cyber resilience

Understanding the role of data storage in cyber resiliency

Whitepaper cover with title over a grey rectangle with header graphic and ESG logoFree Download

“We are disappointed to have to call out Nutanix, but we must protect MinIO users and ensure they understand the rights they are owed by Nutanix,” it added.

Nutanix told IT Pro that the company recognises "the value of the open source communities and take our participation and stewardship very seriously".

"With respect to some recent allegations in a blog that we may have used software in possible violation of an open source license in our Objects product, please note that Nutanix stands behind our products, including any open source that we incorporate into them, and commits to indemnifying our customers against intellectual property claims arising out of the use of our products, should the need ever arise.

"We will be reaching out to engage with the blog’s author promptly and will continue to update the community here," it added.

MinIO alleges that Nutanix has been distributing its object storage technology throughout the Nutanix Objects stack since its introduction in 2018, but has not disclosed this to its users.

Updated earlier this month, the documentation for Nutanix Objects does not mention MinIO and accessing the details of the product’s associated open source licencing requires a Nutanix customer login.

What MinIO's investigation found

MinIO published its step-by-step method of discovering the evidence to support its allegations.

  1. The company created a Nutanix Object Store from its UI
  2. Entered an SSH to MSP command:
    nutanix@PCVM:~$ mspctl cluster ssh
  3. Attached to the object controller pod using the command:
    kubectl  exec -it object-controller-0 -- bash
Screenshot of the terminal used by MinIO to determine the open source license violation

MinIO

MinIO said its object storage binary was found in the Nutanix object controller pod and can be seen in the screenshot above.

“Nutanix just put a wrapper around a modified version of the MinIO binary inside their object storage platform,” MinIO said. “Nutanix also did not disclose the usage of MinIO in their Open Source Disclosures or EULA to their customers.

“Ultimately, this is about innovation,” it added. “MinIO continues to innovate in the space and we have worked tirelessly to create the best object store on the market. We are proud to defend that work.”

MinIO advised Nutanix Objects customers to assess their exposure to legal and security risks since they may not be on the latest version of MinIO Object Storage software and may not be receiving adequate IP licences from Nutanix.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022