Weka Violates MinIO's Open Source Licenses

At MinIO, we are dedicated to the principles of open source software. From the beginning, we’ve remained committed to this philosophy and that’s why you will find that the upstream and the commercial code are exactly the same. We are obligated to protect our software - particularly from companies that package it in their proprietary products and pass off our innovation as their own.

Weka is one such company and as you will find below, they are distributing the entire MinIO binary in their product, without attribution, to implement their object storage functionality. Weka’s violations include the server, the client and even the WARP benchmarking tool. Confusingly, Weka’s advertising claims its unacknowledged redistribution of MinIO software is somehow faster than MinIO.  

As a result of the open source license violations, MinIO revokes Weka’s license to any and all MinIO software, effective immediately.

All customers of Weka that are using the offending software are now doing so without a license. Because Weka has not made the appropriate disclosures in accordance with the license and has used MinIO’s brand to intentionally confuse their customers, we are exercising our right to terminate and revoke any license or sublicense under Apache License v2 and the GNU AGPL v3 in accordance with the terms of those licenses.

Further, we have requested that Weka stop copying and redistributing any forked software where they have failed to convey MinIO’s original license headers and the text of the license, as well as the included patent and copyright licenses, to its customers.

If you are a Weka customer, it is crucial that you understand the legal and security risks stemming from these license violations. You are almost certainly not on the latest version of the MinIO Object Storage Software (see security issues here, if Weka backported any changes, this will likely trigger the AGPL v3 license). Additionally, Weka may not be providing you sufficient IP protection or indemnification. MinIO recommends uninstalling Weka entirely from your infrastructure.

MinIO does not enjoy taking these actions, but we must. We are obligated to defend our software, brand, and license terms. To not do so would be to fail the community and to undermine the promise of the MinIO brand to create simple, powerful, performant open source software.

By standing firm on our commitment to open source, we are taking a stand for the greater good of the object storage industry. We believe that transparency and honesty are essential for building secure, innovative solutions that benefit customers. With MinIO, you can be confident that you are using software that is both secure, and built with the community’s best interests at heart.

Weka customers can see this infringement for themselves by following these steps.

Download Weka after getting access to Weka https://get.weka.io (weka-4.1.0.71)

Once you have downloaded and extracted the weka release you will find weka-4.1.0.71/

~ tar xvf weka-4.1.0.71.tar weka-4.1.0.71/ weka-4.1.0.71/4.1.0.71 weka-4.1.0.71/4.1.0.71.spec weka-4.1.0.71/api-52da22b2cd0ed1b50978e57d509a47c6.squashfs weka-4.1.0.71/aws-cloudformation-d4e38f0cedad1f07332533175c5a6fa0.zip weka-4.1.0.71/container-ganesha-dev-weka-2-2a9043bc5a3669e6d3498a134575e134.squashfs weka-4.1.0.71/container-s3-weka-release-459ba907ea2ca2fc6c3940deba2dc631.squashfs weka-4.1.0.71/container-samba-weka-4.7.12.3-95d7e0704b141138b43d76b226f55eda.squashfs weka-4.1.0.71/container-smbw-weka-4.7.12.3-2f44067d8868530d8f7e86d035fbb7a8.squashfs weka-4.1.0.71/dashboard-8dbfa0f8a99260cd06825181ea0eb6d6.squashfs weka-4.1.0.71/dependencies-1.0.0-81dd3682be55880a5ef2b337bce9ae4d.squashfs weka-4.1.0.71/driver-uio-pci-generic-1.0.0-d644841c998c88e4fc66529e4484dbb6.squashfs weka-4.1.0.71/install.sh weka-4.1.0.71/ofed-1b295470b56ec067af7340f2cca7e27a.squashfs weka-4.1.0.71/ui-1.0.0-5bc747765d326e6e1c3488285822f459.squashfs weka-4.1.0.71/weka-container-2.3.0-9c60adc0f77d96f577211d30cbf9ef3c.squashfs weka-4.1.0.71/weka-driver-1.0.0-595420f10959c344dc93b1eff50bb016.squashfs weka-4.1.0.71/weka-driver-igb-uio-4.0.0-b8dc002ff96443389fdef3f08462b238.squashfs weka-4.1.0.71/weka-ganesha-18ca10b28151817a7c8bb7267e6f5e9d.squashfs weka-4.1.0.71/weka-hostside-be7022b2fb8d07e029e3ae414452a3e5.squashfs weka-4.1.0.71/weka-node-7dd65bb3b9240a695217fe1e98f1c96d.squashfs weka-4.1.0.71/weka-s3-152101ca875b1b3e68598a8436da01ba.squashfs weka-4.1.0.71/weka-samba-fa23b1ed5b86200b1d682f072bc9af61.squashfs weka-4.1.0.71/weka-smbw-b038d6b57ae8f593e98282b2709b69b1.squashfs

Now look for the minio binary after mounting the squashfs images locally:

~/weka-4.1.0.71$ for i in $(ls *squashfs); do m=$(echo $i | cut -f1 -d.); sudo mkdir -p /mnt/${m}; sudo mount -o loop $i /mnt/${m}; done ~/weka-4.1.0.71$ find /mnt/ 2>&1 | grep -w minio /mnt/container-smbw-weka-4/usr/lib/ocf/resource.d/heartbeat/minio /mnt/container-s3-weka-release-459ba907ea2ca2fc6c3940deba2dc631/usr/bin/minio /mnt/weka-s3-152101ca875b1b3e68598a8436da01ba/minio.sh.template ~/weka-4.1.0.71$

As you can see the the minio binary is located under container-s3-weka-release : Now you can run the binary on a local directory.

You can now visit the link at http://64.71.151.66:9000 and interact with MinIO using the object browser.

After logging in with root credentials, you can interact with objects using MinIO’s browser.

The link to Docs in the browser naturally refers to MinIO:

Weka has also incorporated other components from the MinIO object storage suite into their products - again without attribution.

Here are examples of the MinIO Client (mc) and MinIO’s Warp performance testing software.

Here are examples of MinIO’s launch scripts:

To summarize, MinIO has revoked Weka’s license to any and all MinIO software, effective immediately. Customers running Weka are in violation of the MinIO licenses - despite assurances that Weka may provide to the contrary. If those customers would like to speak with us directly they can do so at [email protected].