MinIO is now in maintenance-mode

Posted by hajtom 10 hours ago

MinIO is now in maintenance-mode(github.com)

403 points | 237 commentspage 2

Dachande663 9 hours ago|

Does anyone have any recommendations for a simple S3-wrapper to a standard dir? I've got a few apps/services that can send data to S3 (or S3 compatible services) that I want to point to a local server I have, but they don't support SFTP or any of the more "primitive" solutions. I did use a python local-s3 thing, but it was... not good.

mcpherrinm 8 hours ago||

Versity Gateway looks like a reasonable option here. I haven't personally used it, but I know some folks who say it performs pretty great as a "ZFS-backed S3" alternative.

https://github.com/versity/versitygw

Unlike other options like Garage or Minio, it doesn't have any clustering, replication, erasure coding, ...

Your S3 objects are just files on disk, and Versity exposes it. I gather it exists to provide an S3 interface on top of their other project (ScoutFS), but it seems like it should work on any old filesystem.

pkoiralap 8 hours ago|||

Versity is really promising. I got a chance to meet with Ben recently at the Super Computing conference in St. Louis and he was super chill about stuff. Big shout out to him.

He also mentioned that the minio-to-versity migration is a straight forward process. Apparently, you just read the data from mino's shadow filesystem and set it as an extended attribute in your file.

mbreese 8 hours ago||||

I really like what I've (just now) read about Versity. I like that they are thinking about large scale deployments with tape as the explicit cold-storage option. It really makes sense to me coming from an HPC background.

Thanks for posting this, as it's the first I've come across their work.

zzyzxd 4 hours ago|||

Garage also decide to not implement erasure coding.

mr-karan 9 hours ago|||

You could perhaps checkout https://garagehq.deuxfleurs.fr/

dardeaup 9 hours ago||

I've done some preliminary testing with garage and I was pleasantly surprised. It worked as expected and didn't run into any gotchas.

digikata 8 hours ago||

Garage is really good for core S3, the only thing I ran into was it didn't support object tagging. It could be considered maybe a more esoteric corner of the S3 api, but minio does support it. Especially if you're just mapping for a test api, object tagging is most likely an unneeded feature anyway.

It's a "Misc" endpoint in the Garage docs here: https://garagehq.deuxfleurs.fr/documentation/reference-manua...

topspin 5 hours ago||

"didn't support object tagging"

Thanks for pointing that out.

ralgozino 8 hours ago|||

Do you want to serve already existing files from a directory or just that the backend is a directory on your server?

If the answer is the latter, seaweedfs is an option:

https://github.com/seaweedfs/seaweedfs?tab=readme-ov-file#qu...

trufas 8 hours ago|||

s3proxy has a filesystem backend [0].

Possibly of interest: s3gw[1] is a modified version of ceph's radosgw that allows it to run standalone. It's geared towards kubernetes (notably part of Rancher's storage solution), but should work as a standalone container.

[0] https://github.com/gaul/s3proxy [1] https://github.com/s3gw-tech/s3gw

frellus 9 hours ago|||

Check out from nvidia, aistore: https://github.com/NVIDIA/aistore

It's not a fully featured s3 compatible service, like MinIO, but we used it to great success as a local on-prem s3 read/write cache with AWS as the backing S3 store. This avoided expensive network egress charges as we wanted to process data in both AWS as well as in a non-AWS GPU cluster (i.e. a neocloud)

import 9 hours ago|||

rclone serve s3, could be.

spicypixel 8 hours ago||

This is the winner

dark-star 2 hours ago||

that is not easily possible. In S3, "foo" and "foo/bar" are valid and distinct object names that cannot be directly mapped to a POSIX directory. As soon as you create one of those objects, you cannot create the other

tiernano 9 hours ago||

Is this not the best thing that could happen? Like now its in maintenance, it can be forked without any potential license change in the future, or any new features that are in that license change... This allows anyone to continue working on this, right? Or did i miss something?

jagged-chisel 9 hours ago||

> ... it can be forked without any potential license change in the future ...

It is useful to remember that one may fork at the commit before a license change.

phoronixrly 7 hours ago||

It is also useful to remember that MinIO has historically held to an absurd interpretation of the AGPL -- that it spreads (again, according to them) to software that communicates with MinIO via the REST API/CLI.

I assume forks, and software that uses them will be held to the same requirements.

NegativeK 2 hours ago|||

They're not the only ones to claim that absurdity.

https://opensource.google/documentation/reference/using/agpl...

ahepp 5 hours ago|||

As long as I'm not the one who gets sued over this, I think it would be wonderful to have some case law on what constitutes an AGPL derivative work. It could be a great thing for free software, since people seem to be too scared to touch the AGPL at all right now.

Weryj 9 hours ago||

Pretty sure you can’t retroactively apply a restrictive license, so that was never a concern.

IgorPartola 9 hours ago||

You can, sort of, sometimes. Copyleft is still based on copyright. So in theory you can do a new license as long as all the copyright holders agree to the change. Take open source/free/copyleft out of it:

You create a proprietary piece of software. You license it to Google and negotiate terms. You then negotiate different terms with Microsoft. Nothing so far prevents you from doing this. You can't yank the license from Google unless your contract allows that, but maybe it does. You can in theory then go and release it under a different license to the public. If that license is perpetual and non-revokable then presumably I can use it after you decide to stop offering that license. But if the license is non-transferrable then I can't pass on your software to someone else either by giving them a flash drive with it, or by releasing it under a different license.

Several open source projects have been re-licensed. The main thing that really is the obstacle is that in a popular open source or copyleft project you have many contributors each of which holds the copyright to their patches. So now you have a mess of trying to relicense only some parts of your codebase and replace others for the people resisting the change or those you can't reach. It's a messy process. For example, check out how the Open Street Maps data got relicensed and what that took.

bilkow 8 hours ago||

I think you are correct, but you probably misunderstood the parent.

My understanding of what they meant by "retroactively apply a restrictive license" is to apply a restrictive license to previous commits that were already distributed using a FOSS license (the FOSS part being implied by the new license being "restrictive" and because these discussions are usually around license changes for previously FOSS projects such as Terraform).

As allowing redistribution under at least the same license is usually a requirement for a license to be considered FOSS, you can't really change the license of an existing version as anyone who has acquired the version under the previous license can still redistribute it under the same terms.

Edit: s/commit/version/, added "under the same terms" at the end, add that the new license being "restrictive" contributes to the implication that the previous license was FOSS

IgorPartola 6 hours ago||

Right but depending on the exact license, can the copyright holder revoke your right to redistribute?

bilkow 2 hours ago||

It's probable that licenses that explicitly allows revocation at will would not be approved by OSI or the FSF.

Copyright law is also a complex matter which differs by country and I am not a lawyer so take this with a grain of salt, but there seem to be "edge cases" where the license can be revoked as seen in the stackexchange page below.

See:

https://lists.opensource.org/pipermail/license-discuss_lists...

https://opensource.stackexchange.com/questions/4012/are-lice...

Havoc 9 hours ago||

I thought they were pivoting towards close it and trying to monetize this?

That got backlash so now it’s just getting dropped entirely?

People get to do whatever they want but bit jarring to go from this is worth something people will pay for to maintenance mode in quick succession

embedding-shape 9 hours ago||

> I thought they were pivoting towards close it and trying to monetize this?

That's literally what the commit shows that they're doing?

> *This project is currently under maintenance and is not accepting new changes.*

> For enterprise support and actively maintained versions, please see MinIO SloppyAISlop (not actual name)

this_user 8 hours ago|||

Their marketing had shifting to trying to push an AI angle for some time now. For an established project or company, that's usually a sign that things aren't going well.

ocdtrekkie 9 hours ago||

They cite a proprietary alternative they offer for enterprises. So yes they pivoted to a monetized offering and are just dropping the open source one.

itopaloglu83 9 hours ago||

So they’re pulling an OpenAI.

Start open source to use free advertising and community programmer, and then dumps it all for commercial licensing.

I think n8n is next because they finished the release candidate for version 2.0, but there are no changelogs.

jdoe1337halo 8 hours ago||

I use this image on my VPS, it was the last update before they neutered the community version

quay.io/minio/minio:RELEASE.2025-04-22T22-12-26Z

spapas82 7 hours ago||

This is a way too old version. You should use a newer one instead by downloading the source and built the binaries yourself.

Here's a simple script that does it automagically (you'll need golang installed):

> build-minio-ver.sh

  #!/bin/bash
  set -e

  VERSION=$(git ls-remote --tags https://github.com/minio/minio.git | \
  grep -Eo 'RELEASE\.[0-9T-]+Z' | sort | tail -n1)

  echo "Building MinIO $VERSION ..."

  rm -rf /tmp/minio-build
  git clone --depth 1 https://github.com/minio/minio.git /tmp/minio-build

  cd /tmp/minio-build
  git fetch --tags
  git checkout "$VERSION"

  echo "Building minio..."

  CGO_ENABLED=0 go build -trimpath \
  -ldflags "-s -w \
  -X github.com/minio/minio/cmd.Version=$VERSION \
  -X github.com/minio/minio/cmd.ReleaseTag=$VERSION \
  -X github.com/minio/minio/cmd.CommitID=$(git rev-parse HEAD)" \
  -o "$OLDPWD/minio"

  echo " Binary created at: $(realpath "$OLDPWD/minio")"

  "$OLDPWD/minio" --version

NietTim 8 hours ago||

Same here, since I'm the only one using my instance. But, you should be aware that there is an CVE in that version that allows any account level to increase their own permissions to admin level, so it's inherently unsafe

hintymad 2 hours ago||

I suspect that Clickhouse will go down the same path. They already changed their roadmap a bit two years ago[1], and had good reasons: if the open sourced version does too well, it will compete with their cloud business.

[1] https://news.ycombinator.com/item?id=37608186

ncrmro 6 hours ago||

As a note ceph (rook on kubernetes) which is distributed blockstorage has a built in s3 endpoint support

candiddevmike 9 hours ago||

It sucks that S3 somehow became the defacto object storage interface, the API is terrible IMO. Too many headers, too many unknowns with support. WebDAV isn't any better, but I feel like we missed an opportunity here for a standardized interface.

tlarkworthy 9 hours ago||

Its like GET <namespace>/object, PUT <namespace>/object. To me its the most obvious mapping of HTTP to immutable object key value storage you could imagine.

It is bad that the control plane responses can be malformed XML (e.g keys are not escaped right if you put XML control characters in object paths) but that can be forgiven as an oversight.

Its not perfect but I don't think its a strange API at all.

jerf 6 hours ago|||

That may be what S3 is like, but what the S3 API is is this: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3

My browser prints that out to 413 pages with a naive print preview. You can squeeze it to 350 pretty reasonably with a bit of scaling before it starts getting to awfully small type on the page.

Yes, there's a simple API with simple capabilities struggling to get out there, but pointing that out is merely the first step on the thousand-mile journey of determining what, exactly, that is. "Everybody uses 10% of Microsoft Word, the problem is, they all use a different 10%", basically. If you sat down with even 5 relevant stakeholders and tried to define that "simple API" you'd be shocked what you discover and how badly Hyrum's Law will bite you even at that scale.

zokier 5 hours ago|||

> That may be what S3 is like, but what the S3 API is is this: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3

> My browser prints that out to 413 pages with a naive print preview. You can squeeze it to 350 pretty reasonably with a bit of scaling before it starts getting to awfully small type on the page.

idk why you link to Go SDK docs when you can link to the actual API reference documentation: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Operatio... and its PDF version: https://docs.aws.amazon.com/pdfs/AmazonS3/latest/API/s3-api.... (just 3874 pages)

eproxus 6 hours ago|||

That page crashes Safari for me on iOS.

PunchyHamster 8 hours ago||||

It gets complex with ACLs for permissions, lifecycle controls, header controls and a bunch of other features that are needed on S3 scale but not at smaller provider scale.

And many S3-compatible alternatives (probably most but the big ones like Ceph) don't implement all of the features.

For example for lifecycles backblaze have completely different JSON syntax

perbu 8 hours ago||||

Last I checked the user guide to the API was 3500 pages.

3500 pages to describe upload and download, basically. That is pretty strange in my book.

nine_k 4 hours ago||

Even download and upload get tricky if you consider stuff like serving buckets like static sites, or stuff like siged upload URLs.

Now with the trivial part off the table, let's consder storage classes, security and ACLs, lifecycle management, events, etc.

candiddevmike 8 hours ago||||

Everything uses poorly documented, sometimes inconsistent HTTP headers that read like afterthoughts/tech debt. An S3 standard implementation has to have amazon branding all over it (x-amz) which is gross.

drob518 7 hours ago|||

I suspect they learned a lot over the years and the API shows the scars. In their defense, they did go first.

christina97 7 hours ago|||

I mean… it’s straight up an Amazon product, not like it’s an IETF standard or something.

KaiserPro 5 hours ago||||

HTTP isn't really a great back plane for object storage.

paulddraper 6 hours ago|||

!!!

I’ve seen a lot of bad takes and this is one of them.

Listing keys is weird (is it V1 or V2)?

The authentication relies on an obtuse and idiosyncratic signature algorithm.

And S3 in practice responds with malformed XML, as you point out.

Protocol-wise, I have trouble liking it over WebDAV. And that's depressing.

ssimpson 8 hours ago|||

I thought the openstack swift API was pretty clean, but i'm biased.

giancarlostoro 7 hours ago|||

To be fair. We still have an opportunity to create a standardized interface for object storage. Funnily enough when Microsoft made their own they did not go for S3 compatible APIs, but Microsoft usually builds APIs their customers can use.

mbreese 8 hours ago|||

It was better. When it first came out, it was a pretty simple API, at least simpler than alternatives (IIRC, I could just be thinking with nostalgia).

I think it's only gotten as complicated as it has as new features have been organically added. I'm sure there are good use cases for everything, but it does beg the question -- is a better API possible for object storage? What's the minimal API required? GET/POST/DELETE?

bostik 7 hours ago|||

I suspect there is no decent "minimal" API. Once you get to tens of millions of objects in a given prefix, you need server side filtering logic. And to make it worse, you need multiple ways to do that.

For example, did you know that date filtering in S3 is based on string prefix matching against an ISO8601/RFC3339 style string representation? Want all objects created between 2024-01-01 and 2024-06-30? You'll need to construct six YYYY-MM prefixes (one per month) for datetime and add them as filter array elements.

As a result the service abbreviation is also incorrect these days. Originally the first S stood for "Simple". With all the additions they've had to bolt on, S2 would be far more appropriate a name.

everfrustrated 8 hours ago|||

Like everything it starts off simple but slowly with every feature added over 19 years Simple Storage is it not.

S3 has 3 independent permissions mechanisms.

dathinab 8 hours ago||

S3 isn't JSON

it's storing a [utf8-string => bytes] mapping with some very minimal metadata. But that can be whatever you want. JSON, CBOR, XML, actual document formats etc.

And it's default encoding for listing, management operations and similar is XML....

> but I feel like we missed an opportunity here for a standardized interface.

except S3 _is_ the de-facto standard interface which most object storage system speaks

but I agree it's kinda a pain

and commonly done partial (both feature wise and partial wrong). E.g. S3 store utf8 strings, not utf8 file paths (like e.g. minio does), that being wrong seems fine but can lead to a lot of problems (not just being incompatible for some applications but also having unexpected perf. characteristics for others) making it only partial S3 compatible. Similar some implementations random features like bulk delete or support `If-Match`/`If-Non-Match` headers can also make them S3 incompatible for some use cases.

So yeah, a new external standard which makes it clear what you should expect to be supported to be standard compatible would be nice.

killme2008 7 hours ago||

I can't believe they made this decision. It's detrimental to the open-source ecosystem and MinIO users, and it's not good for them either, just look at the Elasticsearch case.

thway15269037 8 hours ago||

So, when anyone will fork in? Call it MaxIO or whatever. I might even submit couple of small patches.

My only blocker for a fork to maintain compatibility and path to upgrade from earlier versions.

12_throw_away 6 hours ago|

To be fair, their previous behavior and attitude towards the open source license suggests that minio would possibly engage in at least a little bumptious legal posturing against whoever chose to fork it.

frellus 9 hours ago|

https://aistore.nvidia.com

positisop 5 hours ago|

github.com/NVIDIA/aistore

At the 1 billion valuation from the previous round, achieving a successful exit requires a company with deep pockets. Right now, Nvidia is probably a suitable buyer for MinIO, which might explain all the recent movements from them. Dell, Broadcom, NetApp, etc, are not going to buy them.

More comments...