For posterity because I didn’t explain why/how it’s sketchy:
they just found a hardcoded key that skips all security that was in the wild for like two years
significant vibe coding means nobody actually understands the codebase. Hence not finding the backdoor key
some of the documentation is only in Chinese, which isn’t sketchy in itself, but given the backdoor key does seem fucking sketchy.
they have an X link you cannot remove from the admin console
the admin console has minor but stupid bugs: you can’t go from a bucket to the list of buckets, auth is janky, etc.
Just because it’s good a good name doesn’t make it good pedigree (which is a bone I have with rustXYZ named projects). The fact nobody caught serious backdoors for years is damning.
If you’re running this offline, it might be fine for you. I still run it inside my vpn behind auth but I’m looking to move off.
Thx very much. That’s valuable info. I edited my comment and crossed it off my list of software to evaluate for future projects. I already got the vibe-coding and a bit of sketchiness by scrolling through the latest commits and issue tracker.
Out of all these, SeaweedFS is the most scalable. Seaweed’s design is based off some of Facebook’s whitepapers about their warm storage system, and it works especially well for use cases that have a very large number of small files (like images).
Versity S3 Gateway is Apache‑licensed, backed by a commercial entity. Their contribution agreement forces you to give up copyright to them. It will follow the same path as Minio over time.
Their contribution agreement forces you to give up copyright to them.
The license just looks like the standard Apache license though, which doesn’t require this. With the Apache license, contributors still own the copyright to their code, but they license it to the project. Did you see a document in the repo that says something different?
Interesting - I didn’t see that. They say “You can add your own copyright as well”, so you don’t have to give up your rights to the code. They do still need to comply with the terms of the Apache license.
Was pretty much clear since last year. At the latest in December when they switched to “maintenance mode”. And now they archived it.
https://blog.vonng.com/en/db/minio-is-dead/
Alternatives include Garage, SeaweedFS (and RustFS).
Edit: RustFS looks very sketchy. Read object Object’s comment below before using it.
Rustfs is sketchy as fuck though.
Thanks for pointing it out. Yeah it does. I just copy-pasted what I found and didn’t check.
For posterity because I didn’t explain why/how it’s sketchy:
Just because it’s good a good name doesn’t make it good pedigree (which is a bone I have with rustXYZ named projects). The fact nobody caught serious backdoors for years is damning.
If you’re running this offline, it might be fine for you. I still run it inside my vpn behind auth but I’m looking to move off.
Thx very much. That’s valuable info. I edited my comment and crossed it off my list of software to evaluate for future projects. I already got the vibe-coding and a bit of sketchiness by scrolling through the latest commits and issue tracker.
Versity S3 Gateway is another option that’s trying to focus on simplicity. https://github.com/versity/versitygw
Out of all these, SeaweedFS is the most scalable. Seaweed’s design is based off some of Facebook’s whitepapers about their warm storage system, and it works especially well for use cases that have a very large number of small files (like images).
Versity S3 Gateway is Apache‑licensed, backed by a commercial entity. Their contribution agreement forces you to give up copyright to them. It will follow the same path as Minio over time.
The license just looks like the standard Apache license though, which doesn’t require this. With the Apache license, contributors still own the copyright to their code, but they license it to the project. Did you see a document in the repo that says something different?
Check their contribution rules. https://github.com/versity/versitygw/wiki/Contributing-Changes
quoting
All new files in the change should have the versitygw copyright and license headers.Interesting - I didn’t see that. They say “You can add your own copyright as well”, so you don’t have to give up your rights to the code. They do still need to comply with the terms of the Apache license.