In an ongoing open source licensing dispute, MinIO, an object storage vendor, continues to accuse Nutanix, an HCI vendor, of failing to disclose the use of its technology, which led the object storage vendor to revoke Nutanix's license.
While it may not have a significant effect on customers, the revocation could change how they intend to use Nutanix Objects going forward and create a potential security hole.
MinIO, which has a compatible Amazon S3 API, said that Nutanix has been using its technology as part of the Nutanix Objects software stack since 2019 but never disclosed that fact, violating the open source license agreement. The issue gained momentum in July, when MinIO published a blog post outlining its claims, igniting a back and forth between the two vendors.
Ray Lucchesi, president of Silverton Consulting, described the issue as being pretty clear cut, stating that Nutanix is using an open source version of MinIO, which requires attribution when used commercially.
"Nutanix has used [MinIO] in its products for a while now as the object storage solution," Lucchesi said. "[That] seems pretty straightforward as a commercial use to me."
This week, Garima Kapoor, co-founder and COO of MinIO, revealed MinIO revoked the Nutanix license July 19, cautioning Nutanix Objects users to "check their security exposure."
Paul Nashawaty, an analyst at ESG, a division of TechTarget, echoed the point, saying the update to GNU Affero General Public License (AGPL) v3 fixed a security issue and that may not be resolved for Nutanix Objects users still on Apache v2.
But overall, he said the direct impact on end users will likely be minimal, given that MinIO is just one component of many in Nutanix Objects. He compared MinIO to a car steering wheel, calling it a necessary but easily replaceable part.
"The users that are using Nutanix Objects today will have to work with Nutanix on the next generation," Nashawaty said. "Will they choose to go with Objects or look for an alternative?"
Migrating to a different or newer technology will bring up questions, but exactly what questions remains to be seen, Nashawaty said.
Nutanix is still providing enterprise-level support for its Objects customers. It will just have to go elsewhere for the component it is missing from MinIO.
Back and forth
A back and forth between the two vendors started when Kapoor illustrated in a blog post how Nutanix was violating the open source agreement, stating that it has been trying to correct the record since 2019. Kapoor claimed that Nutanix was in violation of the Apache v2 license, a software license that grants permission of use, and GNU AGPL v3 versions of MinIO.
Nutanix initially responded with a blog post of its own denying any wrongdoing. The company walked that position back a week later, when it acknowledged that it "discovered some inadvertent omissions in Nutanix Objects' open source attribution and notices required under the Apache 2.0 license," and apologized for the oversight.
Adam Armstrong is a TechTarget news writer covering file and block storage hardware and private clouds. He previously worked at StorageReview.com.