Blog

Nutanix Response to Open Source Violations Allegations

By Nutanix

Updated | min

July 26, 2022

To our customers and partners,

We have taken the time to conduct a thorough internal inquiry on the allegations from MinIO that we may have used software in possible violation of an open source license in our Objects product.

Our internal inquiry confirmed that we have only used MinIO code licensed under the Apache 2.0 license and we have not used any of the MinIO code licensed under AGPLv3. Since only the Apache 2.0 license applied to our use of MinIO code, we reviewed our attribution and notice compliance under the Apache 2.0 license. During our inquiry, we discovered some inadvertent omissions in Nutanix Objects’ open source attribution and notices required under the Apache 2.0 license. For this, we are sorry and are committed to doing a better job of complying with the Apache notice and attribution going forward. We have been transparent during Nutanix Objects’ launch about MinIO use as can be seen in media coverage and do not feel this attribution omission increases risks to our customers. We have made updates to the technical information in the Nutanix Bible and to comply with Apache attribution and notices have ensured that the attribution notices are immediately available in our Objects Documentation. We will also be including the updated attribution and notices in the next release.

Also it’s important to note that Nutanix Objects is built using a combination of organic innovation and leverage of open source components including a limited set of MinIO components, and we have reduced the use of MinIO even further to just non data path components over the past year. In addition, software developed either in-house or by open source inclusion undergoes the same security oversight and review level at Nutanix. All products, and their respective components, are subject to our Security Development Lifecycle (SDL) as well as regular penetration testing and review to deliver the security our customers expect and deserve.

 

July 20, 2022

Nutanix strives to implement unique features and innovative capabilities to delight our customers. In doing so, we recognize the value of the open source communities and take our participation and stewardship very seriously. 

With respect to some recent allegations in a blog that we may have used software in possible violation of an open source license in our Objects product, please note that Nutanix stands behind our products, including any open source that we incorporate into them, and commits to indemnifying our customers against intellectual property claims arising out of the use of our products, should the need ever arise.

We will be reaching out to engage with the blog’s author promptly and will continue to update the community here.

© 2022 Nutanix, Inc.  All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstance.