6

Weka Violates MinIO's Open Source Licenses

 2 years ago
source link: https://blog.min.io/weka-violates-minios-open-source-licenses/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Weka Violates MinIO's Open Source Licenses

At MinIO, we are dedicated to the principles of open source software. From the beginning, we’ve remained committed to this philosophy and that’s why you will find that the upstream and the commercial code are exactly the same. We are obligated to protect our software - particularly from companies that package it in their proprietary products and pass off our innovation as their own.

Weka is one such company and as you will find below, they are distributing the entire MinIO binary in their product, without attribution, to implement their object storage functionality. Weka’s violations include the server, the client and even the WARP benchmarking tool. Confusingly, Weka’s advertising claims its unacknowledged redistribution of MinIO software is somehow faster than MinIO.  

As a result of the open source license violations, MinIO revokes Weka’s license to any and all MinIO software, effective immediately.

All customers of Weka that are using the offending software are now doing so without a license. Because Weka has not made the appropriate disclosures in accordance with the license and has used MinIO’s brand to intentionally confuse their customers, we are exercising our right to terminate and revoke any license or sublicense under Apache License v2 and the GNU AGPL v3 in accordance with the terms of those licenses.

Further, we have requested that Weka stop copying and redistributing any forked software where they have failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses, to its customers.

If you are a Weka customer, it is crucial that you understand the legal and security risks stemming from these license violations. You are almost certainly not on the latest version of the MinIO Object Storage Software (see security issues here, if Weka backported any changes, this will likely trigger the AGPL v3 license). Additionally, Weka may not be providing you sufficient IP protection or indemnification. MinIO recommends uninstalling Weka entirely from your infrastructure.

MinIO does not enjoy taking these actions, but we must. We are obligated to defend our software, brand, and license terms. To not do so would be to fail the community and to undermine the promise of the MinIO brand to create simple, powerful, performant open source software.

By standing firm on our commitment to open source, we are taking a stand for the greater good of the object storage industry. We believe that transparency and honesty are essential for building secure, innovative solutions that benefit customers. With MinIO, you can be confident that you are using software that is both secure, and built with the community’s best interests at heart.

Weka customers can see this infringement for themselves by following these steps.

Download Weka after getting access to Weka https://get.weka.io (weka-4.1.0.71)

Once you have downloaded and extracted the weka release you will find weka-4.1.0.71/

~ tar xvf weka-4.1.0.71.tar
weka-4.1.0.71/
weka-4.1.0.71/4.1.0.71
weka-4.1.0.71/4.1.0.71.spec
weka-4.1.0.71/api-52da22b2cd0ed1b50978e57d509a47c6.squashfs
weka-4.1.0.71/aws-cloudformation-d4e38f0cedad1f07332533175c5a6fa0.zip
weka-4.1.0.71/container-ganesha-dev-weka-2-2a9043bc5a3669e6d3498a134575e134.squashfs
weka-4.1.0.71/container-s3-weka-release-459ba907ea2ca2fc6c3940deba2dc631.squashfs
weka-4.1.0.71/container-samba-weka-4.7.12.3-95d7e0704b141138b43d76b226f55eda.squashfs
weka-4.1.0.71/container-smbw-weka-4.7.12.3-2f44067d8868530d8f7e86d035fbb7a8.squashfs
weka-4.1.0.71/dashboard-8dbfa0f8a99260cd06825181ea0eb6d6.squashfs
weka-4.1.0.71/dependencies-1.0.0-81dd3682be55880a5ef2b337bce9ae4d.squashfs
weka-4.1.0.71/driver-uio-pci-generic-1.0.0-d644841c998c88e4fc66529e4484dbb6.squashfs
weka-4.1.0.71/install.sh
weka-4.1.0.71/ofed-1b295470b56ec067af7340f2cca7e27a.squashfs
weka-4.1.0.71/ui-1.0.0-5bc747765d326e6e1c3488285822f459.squashfs
weka-4.1.0.71/weka-container-2.3.0-9c60adc0f77d96f577211d30cbf9ef3c.squashfs
weka-4.1.0.71/weka-driver-1.0.0-595420f10959c344dc93b1eff50bb016.squashfs
weka-4.1.0.71/weka-driver-igb-uio-4.0.0-b8dc002ff96443389fdef3f08462b238.squashfs
weka-4.1.0.71/weka-ganesha-18ca10b28151817a7c8bb7267e6f5e9d.squashfs
weka-4.1.0.71/weka-hostside-be7022b2fb8d07e029e3ae414452a3e5.squashfs
weka-4.1.0.71/weka-node-7dd65bb3b9240a695217fe1e98f1c96d.squashfs
weka-4.1.0.71/weka-s3-152101ca875b1b3e68598a8436da01ba.squashfs
weka-4.1.0.71/weka-samba-fa23b1ed5b86200b1d682f072bc9af61.squashfs
weka-4.1.0.71/weka-smbw-b038d6b57ae8f593e98282b2709b69b1.squashfs

Now look for the minio binary after mounting the squashfs images locally:

~/weka-4.1.0.71$ for i in $(ls *squashfs); do m=$(echo $i | cut -f1 -d.); sudo mkdir -p /mnt/${m}; sudo mount -o loop $i /mnt/${m}; done
~/weka-4.1.0.71$ find /mnt/ 2>&1 | grep -w minio
/mnt/container-smbw-weka-4/usr/lib/ocf/resource.d/heartbeat/minio
/mnt/container-s3-weka-release-459ba907ea2ca2fc6c3940deba2dc631/usr/bin/minio
/mnt/weka-s3-152101ca875b1b3e68598a8436da01ba/minio.sh.template
~/weka-4.1.0.71$

As you can see the the minio binary is located under container-s3-weka-release : Now you can run the binary on a local directory.

VqKuoAaYiFEdDY0Z4vwtsWpwbhnCAxQ4elOLGLLQf5AjzK4g_iWPkxah57OHxTR_bLoqyMPDhSmMkGrIt6uPM4mUHqSQ5Cgw9snQkPEWNM1DofneIcgiZG9mwjjR2YXIaspRPUNnStw-Ij7Q74Wj5tw
rCaa28BLxAy6MYuEP315htDna2S6tmmELHd2YF7jiCYqdpD3KHRYQ1byaGjcouNq10b3tizy40vgRuwmxKOYi7BfhueKd3kkalryjIx2FIwv_ifhchLv2UpEaDB-DYl6tOJ9ob5jr6_aUyMEhM4s4zU
RpdlLYpyyhwDegFUT2VBD0mUSWR3IKk1ghUALX5UkTh4leoghOBkjJrIOssStahWOKw0PO1EqHkSXRsNzcmorJzxjyS5XG575FbiJ4GJdFjkbVqTJdzkTw-b40ihYRwi0jy_ccaPf31LzVpa4_95UV8

You can now visit the link at http://64.71.151.66:9000 and interact with MinIO using the object browser.

qgTqgO19s8JANaIepu-DqwbSftcthkBu9aVeQ6rj_nRbOgt5iq_M0bIIfNVNVp-T2i9C3dfNQFOyrlDoSS4T3Cvb8XH8NR8bzWWK8kjk4iW2fWry8fEzcioM_Ojuqa0mTm18tLUd3DQB8ku1PXk3UjE

After logging in with root credentials, you can interact with objects using MinIO’s browser.

dMiIYluJGbEC0_QLgZE-m4C0EsOc5YLrynqSlgr59_-ijP4YGitM5aWMrjx0TWrbO7QnMB_OUEaV95sPF39tyHON0jvs5XrCTb_D4ykLOoNBXFGR74tBbOsFbZB12JM-AeguDvPL_eD416uaX-BcjVs

The link to Docs in the browser naturally refers to MinIO:

USPlzD2QN3j4so8ob3cud6oyBpFr4LixCvckfc9EX6h8JVdmczB2F4XEeU9sL4s9XPEHnL2MX3uvs861IITCyuqONONFIRJ1wypdpVDzU59yeCb8yiJ4VumS6fpiX-LMnLBAlif8hmMiXl2LdzdSvzw

Weka has also incorporated other components from the MinIO object storage suite into their products - again without attribution.

Here are examples of the MinIO Client (mc) and MinIO’s Warp performance testing software.

Nof-k8zPO4E-hkHIBPN0g256skA2UdcD7JdcWJW63GPyOpgipC690PA42ATLdMTd3Idky42qeSmwLL0Pk9cAIoTxvFQTBnC5Q-1P2kt0TDMAuJ-7ysLwGNa2eexiydeuVY7ISs_rhEFV1hWJ032ubEc

fbfwctJmE1EYDNsDt-wuwyNqeE9L7ftdWgAWI7F3_rd1VgEkdGHaTFLjl9MOhtivjZ8MzQWwFHEOY0aLL26ok7T6tKvx4saVDNaE_pBqFfwIgaCBceAraHfdCuT9CnTbFMD2jRuNiV_O2mB6BdCjexg

Here are examples of MinIO’s launch scripts:

2uI5lLb9jAz9KfA03-wiw4SdmIRGQIGb8cmISbl0lHkYakqWmIClsHftMVLJ5l5n_qhEjQvpP0J_TGByrRzMRtkhZNTHIujyefLvOR9F-fa2Jg0-bGkxQb60i5FlxPha2J2CPzorMyGn53FsxTW4zOk

To summarize, MinIO has revoked Weka’s license to any and all MinIO software, effective immediately. Customers running Weka are in violation of the MinIO licenses - despite assurances that Weka may provide to the contrary. If those customers would like to speak with us directly they can do so at [email protected].


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK