MinIO stops distributing free Docker images

Original Article ↗ Hacker News Discussion ↗

What MinIO Changed

  • README now states the “community edition is distributed as source code only”; official Docker images and other binaries stopped.
  • Change landed just after a critical CVE fix, leaving the last public image unpatched unless users rebuild.
  • Earlier moves already upset users: removal of most of the web admin UI from the community build, and discontinuation/redirect of community documentation to the commercial AIStor docs.
  • Site and marketing appear to pivot toward AIStor and “AI” use cases rather than “self‑hosted S3 alternative”.

Immediate Reactions and Security Concerns

  • Many relied on minio/minio images for dev, CI, and even production; they now must build and host their own images and pipelines.
  • Several commenters call it irresponsible to stop images right after a CVE without warning or a final patched image, arguing it harms security for unaware users.
  • Others downplay the impact: MinIO is trivial to build (Go single binary), Dockerfile is in the repo, and serious operators should already be comfortable compiling and running their own images.

Debate: Expectations vs Entitlement

  • One camp: MinIO owes users nothing beyond the AGPL’d source; Docker images were a free convenience that can stop any time. Complaints are “entitlement” and freeloading.
  • Other camp: years of consistently shipping images, plus active promotion, created reasonable expectations. Abruptly pulling them (and previous UI/docs removals) violates a social contract even if not a legal one.
  • Long subthreads argue about implicit commitments, analogy wars (free electricity, shoveling sidewalks, parties), and how much obligation comes with popular FOSS.

Licensing and Legal Ambiguity

  • MinIO’s past guidance on AGPL was seen as unusually aggressive (claiming any stack exchanging data with MinIO was subject to AGPL); that language has since been softened.
  • Questions raised about whether they properly obtained contributor permission for the AGPL switch and about mixed Apache2/AGPL history.
  • Some see the pattern (AGPL, feature removals, binaries only for paying customers) as “open source cosplay” and a prelude to further lock‑in.

Alternatives and Forks

  • Multiple alternatives discussed:
    • Garage (Rust, AGPL, good for homelab/dev; missing some S3 features like bucket ACLs/replication; considered fiddly by some).
    • Ceph/RadosGW (mature, heavy, “adopt Ceph, adopt a Ceph engineer”).
    • SeaweedFS, RustFS, versitygw, Cloudian HyperStore, OpenStack Swift, etc.
  • Community Docker images and build pipelines already emerging (e.g. third‑party GitHub Actions, GHCR/Docker Hub mirrors).
  • Some suggest forking MinIO proper due to feature removals and hostility; others note maintaining a fork is real work and AGPL limits commercial relicensing.

Perceived Business Strategy and Trust

  • Many characterize this as a textbook “rug pull”/enshittification: use OSS and free binaries to gain mindshare, then constrain free use to drive enterprise sales.
  • Others frame it as inevitable: VC‑backed companies must monetize; open source users shouldn’t base critical infra on vendor‑run free binaries.
  • Result: several teams report actively planning migrations away from MinIO; others will stick but treat it as “source only” and self‑maintain images.