top | item 45668391

(no title)

cduzz | 4 months ago

I haven't used minio in years, and when I did I only fiddled around with it, but my recollection of it is that it's about the simplest build chain imaginable. Install modern golang, build minio, get single binary.

Anyone relying on an opensource tool like minio, needs to look at:

  * organization supporting it
  * the license
  * the build chain
  * who else uses it?
  * the distribution artifact needed for production.

Once you've looked at that you can decide "is this an anchor I want to handcuff myself to and hope the anchor won't jump into the icy blue deep taking me and my dreams with it?"

If the org behind it ever decides to rugpull/elastic you, what're you gonna do? At least with something like minio, if they're still distributing the source it's trivial to build (and if you can't build it you should evaluate if you're in a position to rely on it).

Let's look at other cool open source things like SigNoz which distribute only docker artifacts (as far as I remember, anyhow) -- if they were to rugpull that people relying on it would be totally lost at sea.

This isn't to say that this isn't poor behavior on minio's part, but I feel like they've been signaling us for a while that they're looking to repay their VC patrons.

discuss

goku12|4 months ago

They have also removed the web UI and stopped updating the documentation for the community edition. The former is not extremely serious as the community can easily replace it. The latter is arguably the worst among all the changes that we know of. While they do redirect community documentation towards its enterprise counterpart, it's becoming clear that the differences in the community edition won't be addressed at all. That will make MinIO community edition less viable over time.

Overall, it's pretty clear that they don't view the OSS users kindly or want them around. I'm pretty sure that they would drop the entire community edition if they could do so legally and without much fuzz. You can expect more like this in the future. So this story shouldn't be seen simply as the loss of a docker image.

cduzz|4 months ago

Right -- I think it's quite clear that if you're relying on the free minio you need to look elsewhere or peer up with some others and fork it.

And any adoption of a critical piece of software needs to have a risk calculus associated with it of "what if they get bought by CA, invaded by Russia and murdered, murder their wife and go to jail, or dedicate their remaining time on earth to writing haiku?"

Both open source software and commercially supported software have risks and mitigations. I'd argue that you're actually safer with open source software since you can pick up and keep running it, but that's not a trivial undertaking.

apavlo|4 months ago

> If the org behind it ever decides to rugpull/elastic you

I love it that you use "elastic" as a verb here.