Docker is way too generous IMO. Petabytes of freeloader data they'll never generate a nickel from. Everyone around here wants people to pay $20/month for some newspaper, and spend $0/month on infrastructure that helps run the internet. It's crazy town.
Well, quay already exists.
> Everyone around here wants people to pay $20/month for some newspaper, and spend $0/month on infrastructure that helps run the internet.
And you believe that those 2 ideas are both held by the same people?
> And you believe that those 2 ideas are both held by the same people?
If I had to generalize the audience here, yes.
> You can migrate from a Free Team organization to a Personal account by opening a support ticket. No action will be taken against your account while your ticket is being processed.
So you do get it then.
Sorry, not sorry.
Also, just switch to Podman already people…
fuck docker!
Also I don't think Docker grasps how much their users value a one way stop for pulling images of OSS.
It is a really stupid move.
Was HN spreading fake news then?
Migrating to a free personal account will work for many small open source projects. That's what we're planning to do.
Hmm, I’m not sure how I feel about them making excuses a few sentences into what is supposed to be an apology.
It’s like saying: “It only affected 2% of our users, therefore we figured it wouldn’t be a big deal. Nobody cares about 2%.”
It’s those two percent they’re aiming to apologize to isn’t it?
Then of course they missed the fact it would impact the entire OS community…
"We apologise, and also here are some of our 'lie by statistics' excuses where we don't count who used those org repos but just the org owners"
Then comes the crunch times, and suddenly random vendors can rug pull your entire operation.
Yet we keep doing it every boom time because it's so easy!
Depending on how this goes I might let my purchasing department know it's time to cancel our enterprise subscription with Docker. I have an IBM RH corp account and would much rather pay RH at that point because Docker is burning all of its cred in the dumpster out back.
Is anyone going to fund that?
We have a way to do that with git (and signed commits) that covers source code.
Is there something that someone can build out of P2P/IPFS/? that would allow that to happen, including some form of search/identification?
What percentage of those orgs / users hosted popular docker images? Surely, 2% is a small enough number to warrant a public apology?
I don't care much of the business decision, it's their house.
I care for the persons I support who use docker and I don't see a way to prepare them without sounding like a crackpot and looking like a fool if they after making noise turns out they aren't impacted.
Why do you really want to kill those 2% of your users?
Ah, only 2%. Completely irrelevant number. Move along.
The insignificant problem would sort itself out in time, instead of creating a lot of friction and a plume of dumpster fire smoke, for very little or no gain at all.
I won’t be caught up again by Docker SNAFU.
Some MBA with a spreadsheet at Docker hasn't realized that where the upstream OSS goes, the rest follow.
If this move means that people have to now manage access to multiple registries like quay and ghcr, will that also incentivize people to go ahead and try migrating to these other registries? Especially given that Docker's own registry has such poor permission management.
Docker registries are included with most cloud services (AWS, Azure, Gcloud, digital ocean) and you can use those to self host as well without too much issues. Github and gitlab offer docker registries as well. As do lots of other companies. Mostly, those services make money from other things than hosting docker images. That's just a low value commodity that they need to offer the really interesting stuff. If you are going to charge people for some expensive kubernetes cluster, they need a place to dump their container images. So you offer that for free. It's just a few GB of storage. It literally is a rounding error on the total bill. It does not matter. Charging for that does not make sense.
That's the problem docker has right now: they need companies to pay them absurd amounts of money for something that is essentially a low value commodity and they don't really have anything with a lot of value that they could charge for instead. And the harder they insist people need to pay, the more they erode their position as a leader in this space (which arguably they lost years ago). While it was free and convenient, people used them. But now that that's no longer the case, people engineer around them. They are throwing the baby out with the bathwater. The one asset they still had (people treating them as the de-facto place to park docker containers) is basically being lost. And as soon as that stops, it's going to get harder for them to gain new customers or even retain existing ones.
Contrast that with Github that used to charge for stuff that they now give away for free. I paid for it back in the day. And now I don't. Except Github is making loads of money from companies that outgrow the freemium tier. And they have a steady supply of happy freemium users using their services for free transitioning to valuable paid services. And they get to host the entirety (well close to it) of the software developer population on this planet. It's the largest professional network outside of linkedin. Which of course MS also owns. It would be madness to incentivize users to not use that by charging for it. It's way too valuable for that.
Speaking of MS, they should just buy out Docker. Fire the management. Get rid of their sales department and revitalize docker and dockerhub development and integrate it into github. It's so complementary to Github that it's a no-brainer. And probably investors are getting fed up with the way things are going at docker. I imagine this could be a relatively cheap acquisition for them. This isn't OpenAI, LinkedIn, or Github.
> If you don't upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that period you will maintain access to any of your public images.
New communication:
> We’d also like to clarify that public images will only be removed from Docker Hub if their maintainer decides to delete them. We’re sorry that our initial communications failed to make this clear.
Given these statements directly contradict each other I am a bit surprised this is called clarification. It feels like they changed the actual strategy, not just the communication around it.
> Given these statements directly contradict each other
Actually... they aren't contradictory. The organization data will be retained for 30 days and is subject to deletion. That data includes the teams, memberships, etc. But, it wasn't clear what we were going to do about the images. Keeping the public images is important as many other images build on top of them.
> It feels like they changed the actual strategy
We recognize it might feel that way, so apologies. But, that's part of where we recognize it wasn't clear the technical details... we didn't talk at all about the images. After the feedback, we recognized this, so wanted to make that clear.
Keeping the public images available in an archived state is okay for specific image references, but questionable for specific image tags and somewhat irresponsible for the `latest` tag. A `latest` tag that cannot be updated is ... worse than no `latest` tag.
Responsible maintainers that are unable to apply for open-source status or otherwise sponsor their usage of organization public repos should be advised to delete their public repos.
Responsible users of public images on Docker Hub need to have a way to determine which images will be affected, and which will continue to be maintained. Archiving the public repos gives an extended grace period, but users will still need to be prepared to notice if they end up using a now unmaintained, archived repo and migrate to alternative image sources.
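An added example, not part of the thread and not Docker's tooling: one way to inventory which base images in a Dockerfile come from Docker Hub user or organization namespaces and are referenced by a mutable tag, so a tag that stops receiving updates does not go unnoticed. The sample Dockerfile, the `example-org` names and the digest are constructed; a reference alone cannot show whether a namespace is a Free Team organization, so the result is a list to check by hand.

```python
import re
from typing import NamedTuple, Optional

class ImageRef(NamedTuple):
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]

def parse_image_ref(ref):
    """Expand a short image reference the way the Docker CLI resolves it."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, sep, rest = ref.partition("/")
    # The first path component is a registry host only if it looks like one;
    # otherwise the reference is relative to Docker Hub.
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:
        path, tag = path.rsplit(":", 1)
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path          # Docker Official Images namespace
    if tag is None and digest is None:
        tag = "latest"                    # implicit default tag
    return ImageRef(registry, path, tag, digest)

def source_of(ref):
    """Where the image is hosted, as far as the reference can tell."""
    if ref.registry != "docker.io":
        return "other-registry"
    if ref.repository.startswith("library/"):
        return "hub-official"
    return "hub-user-or-org"              # may or may not be a Free Team org

def pinning_of(ref):
    """How tightly the reference is pinned."""
    if ref.digest:
        return "digest"                   # immutable content address
    return "floating" if ref.tag == "latest" else "tag"

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)

def audit_dockerfile(text):
    """Return (image, source, pinning) for every external base image."""
    stages, findings = set(), []
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        is_stage = image.lower() in stages    # refers to an earlier build stage
        if alias:
            stages.add(alias.lower())
        if is_stage or image.lower() == "scratch":
            continue
        if "$" in image:                      # ARG substitution, not resolvable here
            findings.append((image, "unresolved", "unresolved"))
            continue
        ref = parse_image_ref(image)
        findings.append((image, source_of(ref), pinning_of(ref)))
    return findings

def needs_review(findings):
    """Hub user/org images pulled by a mutable tag: these rely on the publisher
    continuing to push, so a frozen repository would silently go stale."""
    return [img for img, src, pin in findings
            if src == "hub-user-or-org" and pin != "digest"]

# Constructed sample input (digest and example-org names are made up).
CONSTRUCTED_DIGEST = "sha256:" + "ab" * 32
SAMPLE_DOCKERFILE = f"""
ARG BASE=debian:bookworm
FROM golang:1.20 AS build
FROM --platform=linux/amd64 jenkins/jenkins:latest AS ci
FROM ghcr.io/example-org/tool:1.4
FROM example-org/app@{CONSTRUCTED_DIGEST}
FROM build AS final
FROM scratch
FROM $BASE
"""

if __name__ == "__main__":
    results = audit_dockerfile(SAMPLE_DOCKERFILE)
    for image, source, pinning in results:
        print(f"{image:45} {source:16} {pinning}")
    print("check publisher status for:", needs_review(results))
```
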
I understand the need to make money as a company, but it really is biting the hand that fed messing with open source maintainers
> During that period you will maintain access to any of your public images.
The only reason that sentence would be in there is if after that period you would lose access to the public images! And from Merriam-Webster, "access", verb, definition two: "to open or load (a computer file, an Internet site, etc.) a file that can be accessed by many users at the same time".
> it wasn't clear what we were going to do about the images.
No, it was quite clear; after the 30 day period we would not be able to pull the images. That's what the announcement said. It was not ambiguous. That may not have been the policy or what was intended to be announced, but the issue here isn't a lack of clarity.
(Also, letting the images stay accessible but disallowing any changes is only marginally better than just removing them, so the current policy - whether or not it's the same as the originally announced policy - is still terrible.)
They are. Your intent may not have been contradictory, but the messages received by everyone else were contradictory. You should own that if you are serious about doing better. Your intent doesn't really matter in these situations.
What did this mean in that case? That the images will continue to exist but the maintainers cannot update them? They'll just become orphaned?
With no way for the person who posted them to ask people not to use them?
you're on the Docker DevRel team, why are you talking like this? why do you feel the need to be confrontational? not a good look.
I always am annoyed by how companies apologize for the communication or the confusion arising after the communication. As if we, the public, didn't understand properly or are too dumb to understand what they tried to say. We understood perfectly and the _message_ was dumb, not the communication around the message. It doesn't feel like an honest apology.
This kind of thing happens inside companies all the time, including the one you're probably working at right now.
No need to get up in arms over it.
People who are bored (like me) will post rants and accusations.
This is not just the wrong date for a convention in the newsletter. What impact does it have on the ecosystem they've built? Some really serious projects use Docker and even if they have their own repositories can they be sure the software they rely on can keep publishing containers?
Even at the tiny startups I've worked on I'm asked to proofread any technical stuff they want to publish, I assume Docker does too.
Time to get rid of Docker in our world.
It’s like watching a five year old who’s convinced he can fool his parents.
Pretty unambiguously means "after that period you may not have access to any of your public images".
'We're sorry we mistreated you, look how small you are to us.'
Docker's on the other hand is none of that, and full of corporate PR red flags:
- "This only impacted less than 2% of our users" signals that they're not really sorry. It tells me they see this as a 'loud minority' problem
- "This does not affect [list of 6 other types of subscriptions]" -> signals the post is partially being used to promote the other subscriptions. Reinforced by the "what are the benefits of a Docker subscription" at the bottom.
- It's still unclear (to me) what is the actual implication for some of the non-official open source projects here. On the one hand they say: "Public images will only disappear if the maintainer decides to proactively delete it from Docker Hub". Further down they mention "we will defer any organization suspension or deletion while the DSOS application is under review". Clearly they do intend to suspend organisations, but maybe let old images remain? Then the problem remains, as it prevents future updates.
Despite what it tries to say in words, (for me) this post just reinforces the initial signal of both not understanding and not caring about the open source usage.
I don’t think that’s what it is. I think it’s minimizing. Don’t worry, it’s only 2%.
The problem is that’s 2% directly. If my organization has a Docker license, we’re not affected because we’re commercial.
But that’s not true is it? If we use Docker there is a very good chance that we use or base some of our images on open source images. We’re affected indirectly.
I admit it’s probably not possible to measure, maybe even estimate.
But the total number of organizations this change will be a problem for is way more than 2%. And they don’t want to admit it.
As someone affected, I'm ok with paying.
* I don't like feeling tricked
* I don't like feeling held hostage
* Make your changes in a manner that preceding the announcement with "SURPRISE!" wouldn't be fitting
This was done with no notice--basically a bill for RIGHT NOW with no warning, and it seems that the only reason for that was greed? Docker just hit 100 million in ARR. I mean, really, you can't afford to roll this out gracefully?!?
When they did the "it's not free anymore" rugpull on Docker Desktop, I couldn't use it at work anymore since they wouldn't invoice us for less than a 50 seat license. Unfortunately, a lot of businesses won't buy things without invoicing for legal reasons.
It really upset me because I had a pretty solid workflow with docker desktop on a mac. Now I can't use that anymore. I am not surprised they continue to make foolish moves trying to monetize their software.
I get it, you need to monetize your software... but this is dumb.
Their open source program [1] only grants a free 1-year Docker Team subscription. After which time the whole system is unusable. And most of those features aren't what open source teams even need which is surely just basic multi-user access.
They really should have just tightened the entry criteria for their open source offering if they were so concerned about it being misused.
https://www.docker.com/blog/docker-sponsored-open-source-pro...
Docker is deleting Open Source organisations - what you need to know - https://news.ycombinator.com/item?id=35166317 - March 2023 (727 comments)
Docker is sunsetting Free Team organizations [pdf] - https://news.ycombinator.com/item?id=35154025 - March 2023 (105 comments)
Docker is sunsetting Free Team organizations - https://news.ycombinator.com/item?id=35153949 - March 2023 (12 comments)
Also:
Elixir: Docker now charges open source orgs $300 - https://news.ycombinator.com/item?id=35166579 - March 2023 (38 comments)
Ask HN: Docker Alternatives? - https://news.ycombinator.com/item?id=35171491 - March 2023 (5 comments)
I think they mean it impacts less than 2% of user _accounts_. Not every account is created equal. If you were an open-source org with millions of image downloads a month, having your org deleted would have an outsized effect on the community. Many more Docker Hub users than 2% stand to be affected by these changes, even if the nominal value of 2% of user accounts is accurate.
Also, this "apology" does not feel even 2% apologetic. "I am sorry you misunderstood us" is not an apology. They're running the seldom used "docker pull gaslight:latest" command.
Docker probably should've started their purge there, not with FOSS orgs...
Too bad the company screwed up turning their technology into a real business, or taking a graceful massive exit when they had the chance. Their VC's doubtless pushed them towards an IPO when they didn't really have a solid revenue plan.
Once they started nagging / forcing / tricking people into paying for what they had offered for free, the company was doomed. The "+WASM" branding all over their website reeks the sad desperation of a has-been coulda-been. Sorry folks, you built cool and important technology, but that's not good enough if you're greedy.
This company raised $400M+ and they cannot be arsed to implement a feature to change account types.
In all areas of the business, everyone should first be thinking, how does this impact the people using this thing? Have I talked to them? Do they understand what's happening? Do they have concerns? Have I fully addressed them? Is this going to make their lives harder, or will this be scary, or confusing?
It's my biggest pet peeve. Both as a user and an employee. If you don't take the time to care, it's really obvious, and an easy way to piss people off and inconvenience them. From a business perspective that drives customers to your competitors and makes employees quit. From a personal perspective, it's just a dick thing to do.
* "public images will only be removed from Docker Hub if their maintainer decides to delete them"
* "Public images will only disappear if the maintainer of the image decides to proactively delete it from Docker Hub. If the maintainer takes no action, we will continue to distribute their public images."
This sounds good, but it would be better to explicitly say "if you opt to let your free organization be suspended, Docker Hub will continue distributing your public images indefinitely anyway". It feels like there's a loophole here where if a public image comes to have no maintainer - because they abandoned its organization - then it no longer benefits from this assurance. That seems unlikely, but given how this change has been going so far, it's tough to give Docker the benefit of the doubt.
> Docker Pro is ideal for individual developers looking to accelerate productivity.
> Docker Team is ideal for small teams looking to collaborate productively.
> Docker Business is ideal for businesses looking for centralized management and advanced security capabilities. Visit our pricing page to learn more.
I'm not quite sure that answers the question, just how docker would like its customers to self-discriminate.
1. Let any user have how many "free teams" they want, but restrict the image size (under 1GB?) and/or downloads (under 1,000/month?). Maybe let the community vote for open source images exempt from this restriction.
2. Run a free link redirect service: user registers my-team on hub.docker.com, links my-team/my-image with their preferred registry my-registry.com, client-side docker pull my-team/my-image resolves automagically to my-registry.com/my-team/my-image.
The first messaging clearly read to me that they would delete everything (including images), the second just seems like they backtracked internally despite claiming a different meaning for the original message.
I have lost trust in this company.
This is irrational, self-destructive greed, not the more usual transparent and regretful removal of generous pricing plans and unsustainable services that dotcoms have made the public familiar with.
If you don't meet the strict criteria of the Open Source Program, for example you are a for profit company publishing an open source image, you can't upload new versions of your public images. Your images are one CVE away from becoming useless.
If you do meet the criteria, they will build images for you. No way to have your own build process. All artifacts are made public.
Support request sent, I wish they were more clear on what "Topic" and "Severity" this kind of request falls into.
#HugOps to the tech support team that's going to be flooded with requests.
Side note - Google's "crane" CLI tool was marvelous for this purpose.
> Please consult the Organizations page of your Docker account; any affected organizations are labeled “Docker Free Team” in the “Subscription” column. Less than 2% of Docker users have a Free Team organization on their account.
Interesting theory, but no; my account is paid, but I'm using third party images that are rather harder to verify.
It's always "we're sorry that we didn't communicate our bait and switch effectively". Not we're sorry that we pulled a bait and switch. We're sorry you didn't understand the value in this bait and switch. It's your fault, actually. But we're sorry you're angry. Now stop giving us negative attention.
Why not just release multiple statements and links?
"Click here for customized PR statement if you are an open source developer"
"Click here for customized PR statement if you are a closed source developer"
"Click here for customized PR statement if you are an executive who can't code"
"Click here for customized PR statement if you are a billionaire who invested in Docker but secretly don't know what it is"
etc.
I don't think so. The quote above is what they say on that page, and I think that is a pretty useless metric. It affects 2% of all Docker Hub users, 100% of all Free Team users.
To me this "This impacted less than x%" business is more of a classic Apple damage control PR statement, designed to convey to the whole userbase, "You almost definitely aren't affected, it's just a tiny number of whiners making all this fuss, and look how small they are!"
99% it is "the number of accounts affected" and not anything to do with number of downloads of images hosted there.
They could choose not to share any data, which is what most companies default to.
You're complaining about something so small as if they aren't handling this entire thing beautifully at this point. They noticed their mistake, and corrected it swiftly to keep the community from bifurcating. What else do you want, exactly?
There's a world of difference between "This impacted less than 2% of our users." and "This impacted about 2% of our users."
The first implies that they have up to 2% of users which they don't respect, and undermines their apology.
I agree that it's good that they responded quickly, and I know there's a tradeoff between fast and perfect.
It's wild how the same people will complain that some corporate missive is completely content-free while at the same time punishing any attempt at earnest communication by scouring the missive for a raised edge to take offense at.
Many months later, this is still proving to have been a good call.
Moral of the story: do not try to shove a category change on large corporations without having basic things large corporations routinely require in order to give you money, especially if replacing you requires a lot less spend on extra internal labor and material than you're demanding to be paid.
I see that they now have those things, but it would have been very clever to have asked a few potential customers about these things ahead of time, and made sure they had them as soon as they stuck their hands out... or had a few ex-corporate types around to run this all by before telling us that we will be buying Docker licenses within 120 days for everyone who happens to have Docker Desktop installed. At least they were savvy enough to realize that large companies couldn't have begun to cope with much less notice, but as it was, the rough start with a looming deadline was enough motivation to get us trying alternatives right away.
You should not be giving your $x (it does not matter that its only 5) to the company.
i do think Docker is squandering an insanely privileged position here, even if i'm not particularly invested/dogmatic personally about Docker as a brand. only every so often does a company become a member of the popular lexicon -- an Uber instead of a Taxi, a Kleenex instead of a tissue -- we pull Docker images every day even though they are actually OCI images, or hosted on GitHub.
this privilege is insanely huge and it is one granted through technical aptitude, intense problem solving, commitment to open source and tooling, and so on, that the Docker project displayed for its first two decades or so of existence.
where it fell off that wagon as a brand, and misaligned with its technology, i don't know. this is just one person's 2c.
All the discussions from the Docker team regarding SystemD feel like they want to push Docker Swarm and see SystemD as a threat to their business model. It would not surprise me if they downtalk Lennart Poettering on a personal level.
Also to this day if we want to setup complex test scenarios we need the --privileged flag to run Docker in Docker.
github set a precedent with free public repos, but they traded the cost of supporting that for being the canonical way to store source code online (or as close to it as one company can get).
docker accesses this privilege but then demands that open source people, who are by definition not paid for their work directly, must pay to host images on their branded platform, the one which guarantees them a place in the technology hall of fame.
the double-punch of that failed remunerative trade ends up feeling to that community like a betrayal; not to mention the self-defeating strategy it embodies, since a technical solution here is not only possible, but would be expected from a company granted that position and privilege in the software supply chain (technical aptitude / excellence).
at worst it is a betrayal, at best it comes across as lazy, because they are not reaching for a technical solution which can satisfy every constraint; they are satisfied launching one that merely satisfies their own needs, to the detriment of the community that supported them.
It is similar to pseudo-blameless engineering cultures, where engineers won't admit to bugs, or update the status indicator, lest they face the shame of writing a post mortem, or having it brought up in their performance review.
Tell that to Silicon Valley Bank after that WSJ article that started the run lol
In an ideal free market with perfectly-rational omniscient actors, this issue wouldn't occur. I don't think you even need the omniscience: trust, memory, reputation/vouching and basic game theory should be sufficient (though I haven't proven this). Alternatively: a free market with contracts, where all things go through the system, would work.
In the real world, the system consists of people, each of whom is optimising for a particular thing. Very few people are optimising for "make the most money, at the expense of all else". Show me anyone (even a billionaire), and I'll show you somebody who values other things higher than the accumulation of money. And plenty of things don't go through "the system of capitalism": we have commons, and volunteers, and favours, and coerced unpaid labour / wage theft.
"The forces of capitalism" might be a good shorthand for the reasons behind this problem, but it's not strictly an accurate one: these issues aren't inherent to capitalism. They're not problems with capitalism, but problems with this system. (Capitalism does have other, different problems that are pretty baked in, like how capital is power and power lets you accrue capital, but I don't see how that relates to this issue.)
The whole thing only needs docker infrastructure getting hacked because it used some of the now-orphaned containers to complete the shitshow
BigCo or GovDepartment gets popped via a known exploit against a fixed bug in an OSS project, but GitHub has prohibited the project from updating the exploitable image they host without paying a ransom of $420/year?
That seems a great way to take some very significant reputation hits.
Many TT-RPG players enjoy reading rules carefully and figuring out fun ways to "exploit" them. So everyone jumped on WotC's changes and dissected the implications. And many companies in the larger ecosystem quickly announced plans to ship their own games competing with D&D.
WotC decided to back down and to just use Creative Commons, which largely resolved the immediate issue.
This is just a big "fuck you" to non company supported open source projects, as it turns out even ones labelled "sponsored css" on Docker Inc's own website.
Which are all clearly insignificant and unimportant, dumb little command line utilities and libraries like, say, curl...
https://github.com/docker/hub-feedback/issues/2314#issuecomm...
It's like saying I have to install `vi` via Docker... please don't tell me vim has a Docker hub repo too...
But yes, a missing word is certainly a plausible explanation for how they issued a statement that meant the opposite of what they apparently intended.
> During that period you will maintain access to any of your public images
Assuming that the you in that sentence is the organization and not the general public (given the use of your organization earlier in the paragraph), the logical interpretation is that they meant write access here, and not all access -- since read access is not limited in any way to the you in that sentence.
Yes, I agree the original messaging was terrible. But claiming that the original can only have meant all access is not consistent with the wording of the announcement.
Free Team organizations are a legacy subscription tier that no longer exists. This tier included many of the same features, rates, and functionality as a paid Docker Team subscription.
After reviewing the list of accounts that are members of legacy Free Team organizations, we’ve identified yours as potentially being one of them.
If you own a legacy Free Team organization, access to paid features — including private repositories — will be suspended on April 14, 2023 (11:59 pm UTC). Upgrade your subscription before April 14, 2023 to continue accessing your organization.
If you don’t upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that time, you will maintain access to any images in your public repositories, though rate limitations will apply. At any point during the 30-day period, you can restore access to your organization account if you upgrade to a paid subscription. Visit our FAQ [1] for more information.
[1] https://web.docker.com/rs/790-SSB-375/images/privatereposfaq...
"If you don’t upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that time, you will maintain access to any images in your public repositories, though rate limitations will apply."
The cynical devil on my left shoulder is telling me "Some smartass in an emergency meeting noted the ambiguity in that second sentence, and suggested let's just claim that 'During that time you will maintain access to any images' did not actually mean its obvious implication that 'after that time you will no longer have access to any images' and this is all just a big misunderstanding" - and that's how we ended up with this new "clarification".
The even more cynical devil on my right shoulder is telling me some actively evil asshole intentionally wrote that ambiguous sentence to give themselves a 'get out of jail card' in case complaints went viral...
In reality they were probably just going to disable access to updating all along and then maybe someday delete things, but didn’t want to say exactly that.
So at best, they just tanked their reputation for... minimal cost savings?
Methinks that's exactly what they did
Not only that, they said access to your public images. Not "access to your account" or "access to your project". They explicitly mention "any images in your public repositories" as a thing that you will "maintain access" to "during that time".
What's irresponsible is relying on a "latest" tag for updates.
Let's take for example the "jenkins/jenkins:latest" image.
Jenkins is notorious for having security updates, so in 2 years, if the latest tag is still there and frozen, it will be an attractive nuisance, causing people to download insecure software...
That's what the parent comment is trying to say. It's irresponsible to leave the image that implies it's "up to date and secure" because it's "latest", but is really insecure, and the organization owning it cannot change anything about that without paying $$. It's basically holding users of the image hostage.
Yes, obviously making existing tags immutable is bad. Nobody is disputing that.
If you've been referencing org/image:tag where tag=major-minor, and gets updated when there's a patch, then that's going to stop getting updated.
Without either the tag being deleted (and thus your pulls failing), or going out to find updates on that container - you may not notice that it's fallen out of date and the image/tag is no longer being updated.
With the entire organisation being removed from Dockerhub, it sounds like there's not even going to be a way for people to say "We've moved off Dockerhub, our images/source/etc is now over here".
You'll just have to search and hope you can find where it's moved to.
Sometimes I want a container running the latest version of something. Maybe I'm integration testing my stuff against that release to make sure stuff still works. Or maybe I'm hoping a bug was fixed and will version pin later.
I agree that production software should version-pin all the things, but latest still has a place.
This is an example of my point actually - these types of posts are magnets for people that cannot be pleased.
This behavior is now demonstrated, it is the desired relationship, and it will be the baseline, all protestations aside.
The apology is meaningless. If this is not what you want, then take steps to limit the damage done to you, and do it now.
> We’d also like to clarify that public images will only be removed from Docker Hub if their maintainer decides to delete them.
> Will open source images I rely on get deleted?
> Not by Docker. Public images will only disappear if the maintainer of the image decides to proactively delete it from Docker Hub. If the maintainer takes no action, we will continue to distribute their public images.
People may have thought they were affected, which is what they seem to be apologising for.
They should allow a TEAM->PERSONAL conversion for any open source account that doesn't qualify to be "Docker sponsored." But really this is a communications fail more than anything.
This only ever applied to the *Team* accounts. I have a paid non-team/personal account, but I am also aware that I could have a free personal account if I didn't need private repositories.
In other words, they weren't clear enough in their communication, which is what they're apologizing for.
But the internet outrage mob is going to yell about the evil of The Man no matter what I say, so I don't know why I bother...
For example if the user has a screen resolution of three 4K monitors side by side, using Linux, and coming from a Silicon Valley IP address, they are probably a developer. If they have the screen resolution of an iPad Pro and a New York IP address they are probably an executive on the go. The HTML5 accelerometer API might also say something about whether they're reading your press release in bed, while sitting, or standing. Use ChatGPT to reword the press release appropriately.
My take on Jenkins with all its plugins is that it needs to be properly shielded from external access anyways.
[1] Disclaimer: I don't know how the product is structured.
No there isn't. This is entirely subjective and you're acting like they said "Fuck our customers" when they just shared data. Anything you want to imply beyond that says more about you than it does about any part of Docker.
> The first implies that they have up to 2% of users which they don't respect, and undermines their apology.
Where does this implication come from? Why is Docker not given the benefit of the doubt when they are already extending an olive branch...? This isn't Microsoft.
I guess if you want to change things, you should shoot for a position in PR at docker. Otherwise, you look like a rube for acting as though they "could have done better with one sentence." I bet you're fun at parties.
An Olive branch is, "We fucked up, sorry about that, this is what we are going to do, or not going to do moving forward to fix the issue."
Fuckery is "We apologize but it was only poor communication and it only impacted a small and insignificant part of the community".
This isn't an Olive branch. It's damage control with an attempt to change perception. It's not even remotely close to trying to right a wrong.
Customers who are running businesses and knowingly breaking the ToS? I'm not sure why businesses like Docker aren't allowed to defend their revenue.
It's actually pretty hilarious how many of you are coming out of the woodwork to attack Docker, they are not the enemy in any way, shape or form and if they disappear you're gonna miss them.
"During that period" refers to the 30-day period. During that time, the images are accessible. After the 30-day period, they will still be pull-able, but not able to be updated.
Any smart FOSS maintainer will find alternate hosting...
I think that’s obviously the point of the whole exercise — pony up or leave. They’re just doing it in an annoying manner
In other words, the public repos are being archived. If I was a maintainer responsible for providing up-to-date and secure images, then I think it would indeed be my duty to delete them, if I am no longer able to update them.
Specifically (emphasis mine):
> During that time, you will maintain access to any images in your public repositories
So, the logical conclusion, which literally everyone else on HN had, was that after that time you will lose access to images in your public repositories; access meaning "we can get to the image" in this context, because that's what people f-n care about.
Not to mention the other part, about how Docker will still have images available for pull that can't be changed, for which there is no way to "forward" user pulls elsewhere if the developer chose to not pay the fee; so in effect you're capturing their user base with old software and almost no way to know that.
"DevRel" at Docker failed this week. Just own up to it, take the hit, and don't be evasive. Evasiveness is shady and no one trusts that bullshit.
Keeping them read only is literally the worst solution. Old images that can't be updated and accrue security flaws, all while uninformed users see the address still work and assume nothing needs to be changed.
Your corporation picked literally the worst way to do it.
I disagree. The worst way would be to make a blanket decision for all projects on their behalf.
This way they let the project maintainer decide.
For projects that don't get updated, it's better to leave them where they are.
For projects that are changing the maintainers can choose to delete (or move to a paid / OSS plan).
Choice is good, and giving that choice to maintainers is good.
The final act of goodness (and I'm not clear yet) is whether maintainers will be able to delete an image at some point in the future. Like say a year from now. Possibly by creating a paid account, and "reclaiming" that image.
Personally I agree that your advice to delete them may be the best option for most maintainers who have decided to leave. And they currently have the ability to do that.
Hence my assertion that your statement is incorrect.
>pull-able
To any reasonable average person, these mean the same thing.
Yes, this happened to me. More than once.
No, you can’t just pull your wallet out and offer to pay for it yourself with cash. You’re not an “approved supplier” and it’s the supplier that needs to provide warranty support.
Also if you pay for it yourself, then you’re providing it as a “gift” and that could be construed as corruption — unless you’re reimbursed, but it’s above the threshold…
This whole thread has given me flashbacks to that time when the project manager broke down in tears and put his credit card back in his wallet…
Why?
Because the consequences of getting this wrong can be far more expensive than whatever productivity gains you, the individual employee, claim to be achieving.
Docker, for example: we had absolutely no interest in individual users directly accessing their online features (we took a bit of trouble to block them, in fact), so theoretically, the free Personal licenses should have been fine. No.
Ok, so just have each Docker user pay that $5 themselves. How do we make sure every person who has Docker installed on their PC really is paying for a license? Even if we gave them all corporate cards, and Docker was going to be cool with several hundred accounts (or more) from the same domain not being on the "Business" plan, we then get to set up a process with Accounting to make sure the PC scans match the payments.
This might all sound ridiculous to start-up/boutique employees, but is a basic fact of life in corporate IT... which Docker was hoping to get a lot of money out of.
They have public images here: https://hub.docker.com/u/httptoolkit
The original announcement said:
> If you don't upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that period you will maintain access to any of your public images.
That sounds a lot like the public images were subject to deletion. At the very least, subject to being frozen in time and not updated/updateable, which can be worse in some cases.
But, as a business whose prosperity depends on the goodwill of masses of users, Docker can and should "defend their revenue" in a way that minimizes collateral damage in the form of
1) gratuitous bullshit, untrustworthiness, lack of transparency, and perceived evil intentions (e.g. their second announcement)
2) technical uncertainty and security risks (for orphaned images of uncertain status)
3) inconvenience, without additional revenue, to the vast majority of users that aren't included in this shakedown
There are rational businesses and there are businesses that drive away their customers; in the long term, the former tend to "defend their revenue" much better.
Works like a charm on our macbooks, very neat.
Even if we need to pay, I’m looking for alternatives not Docker Inc. - There is only so much you can take.
I don’t want to rely on them anymore.
Way more enterprise appropriate, for example - granular control on caches
What a thing, docker. I can't get over the staying power it has had despite... Everything.
It's not just the runtime.
If so, I think Nix being able to create docker images addresses that specific concern.
But why do we know what users have installed on the PCs assigned to them, aside from the licensing? When your product has a security hole (and unless your product never, ever talks to the Internet or other devices, it will someday), we need to know exactly who has it so that we can force them to patch. Again, tens of thousands of users with potentially thousands of products that need to have security issues tracked. Nightmare.
So if your custom software house** doesn't want to sell us your product in a way and provide management mechanisms that we feel comfortable with, then we'll find one of the many that does, or is happy to work with our preferred resellers. Or we will help departments redesign their processes to not need it.
Corporate IT cares deeply about what managers want, as they pay the bills. If they want your product for their subordinates, we will work to make that happen in a way that keeps our legal department and IT security management happy. Corporate IT cares deeply about users being able to use the products and services their managers are paying for. Corporate IT does not give a fig what individual users want, if they can't get their managers to pay for the cost of us dealing with that new product.
Negotiating license agreements and tracking usage, as I said before, is a full time job for several people. I am fortunately not one of them, but I've worked with them when supporting products within the company. Large companies do not employ these folks out of charity.
Corporate IT and corporate life is certainly not for everyone. Corporate IT doesn't work this way because we're humorless prigs; it works this way because there are billions in sensitive data and intricate production processes to protect, and tens of thousands of well-meaning folks who are competent in things other than infosec potentially providing network access to people who are not well-meaning.
If you want that sweet sweet corporate cash, figure out how to accommodate their purchase and IT management processes. Software resellers may be a good compromise. If you don't want to deal with corporate purchasing, don't be upset when a lot of your potential users end up with someone else's product.
** Anything smaller and more niche than SAP may as well be a "custom software house".
Legal is often still involved when it comes to new software products, because, among other things, there's GDPR. Oh, and Works Council.
My main point remains unchanged: relying on tens of thousands of end users to manage their licenses is something that large enterprises just can't do, so we end up with rules that seem draconian, and you, the hopeful seller of software/services to be used in corporate environments, will benefit from understanding how we work, even if you think it's stupid.
Their goals are completely different. The latter is not there to give you services. It's there to maximize shareholder value.
It's sad to see that HN can't even tell the difference anymore.
Are they allowed to do it? Of course! Are we allowed to call them out on their bait & switch tactics? Of course, what else are we supposed to do?
Just because something is common, like building a user base based on implicit promises and then pulling the rug once the service reaches critical mass, doesn't mean it should be accepted and normalized.
And GitHub is owned by Microsoft, duh. And they don't do this stuff out of the kindness of their hearts.
> what else are we supposed to do?
How about not falling for the same trap again and again instead?
> ... pulling the rug once the service reaches critical mass, doesn't mean it should be accepted and normalized.
Then don't sit on that rug.
Images are published wherever the author decides that they're published and these changes are going to affect everyone who relies on an image that used to be hosted on Docker Hub.
I'm sorry, I don't understand what you mean.
See https://nix.dev/tutorials/building-and-running-docker-images
Or do you mean run as in "use docker image(s) within a nix expression". Like if you have a webapp with a nix devshell but want to start the docker postgres container for development?
You can do that too, yes.