> If you don't upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that period you will maintain access to any of your public images.
New communication:
> We’d also like to clarify that public images will only be removed from Docker Hub if their maintainer decides to delete them. We’re sorry that our initial communications failed to make this clear.
Given these statements directly contradict each other I am a bit surprised this is called clarification. It feels like they changed the actual strategy, not just the communication around it.
> Given these statements directly contradict each other
Actually... they aren't contradictory. The organization data will be retained for 30 days and is subject to deletion. That data includes the teams, memberships, etc. But, it wasn't clear what we were going to do about the images. Keeping the public images is important as many other images build on top of them.
> It feels like they changed the actual strategy
We recognize it might feel that way, so apologies. But that's part of where we recognize the technical details weren't clear... we didn't talk at all about the images. After the feedback, we recognized this, so wanted to make that clear.
If you are deleting the organizational data and effectively archiving [1] all the images, keeping only the option for public images to be pulled but not updated... then how will affected maintainers be able to delete their now out of date public images after the 30 day cut-off? You will have to retain enough of the organization data to allow that to happen.
Keeping the public images available in an archived state is okay for specific image references, but questionable for specific image tags and somewhat irresponsible for the `latest` tag. A `latest` tag that cannot be updated is ... worse than no `latest` tag.
Responsible maintainers that are unable to apply for open-source status or otherwise sponsor their usage of organization public repos should be advised to delete their public repos.
Responsible users of public images on Docker Hub need to have a way to determine which images will be affected, and which will continue to be maintained. Archiving the public repos gives an extended grace period, but users will still need to be prepared to notice if they end up using a now unmaintained, archived repo and migrate to alternative image sources.
The irresponsible thing is making it so the tag exists, but the organization behind it cannot update it.
Let's take for example the "jenkins/jenkins:latest" image.
Jenkins is notorious for having security updates, so in 2 years, if the latest tag is still there and frozen, it will be an attractive nuisance, causing people to download insecure software...
That's what the parent comment is trying to say. It's irresponsible to leave the image that implies it's "up to date and secure" because it's "latest", but is really insecure, and the organization owning it cannot change anything about that without paying $$. It's basically holding users of the image hostage.
You missed his point. He's saying "latest is an anti-pattern". Which is correct. Everyone should be pinning to specific versions or semver to avoid being accidentally upgraded to a release with breaking changes.
Yes, obviously making existing tags immutable is bad. Nobody is disputing that.
There are exceptions though. I'm the kind of person that would pin Jenkins to latest even if it is an antipattern. I'm way more concerned about security flaws than a temporary CI breakage. So for me: Everyone should be pinning Jenkins to latest to avoid accidentally staying on a release with security holes.
It's *not* just `latest` tags, it will also affect any other image tag.
If you've been referencing org/image:tag where tag=major-minor, and gets updated when there's a patch, then that's going to stop getting updated.
Without either the tag being deleted (and thus your pulls failing), or going out to find updates on that container - you may not notice that it's fallen out of date and the image/tag is no longer being updated.
With the entire organisation being removed from Dockerhub, it sounds like there's not even going to be a way for people to say "We've moved off Dockerhub, our images/source/etc is now over here".
You'll just have to search and hope you can find where it's moved to.
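As an added example (not part of the original thread, and not anything published by Docker), the Python sketch below audits a Dockerfile's `FROM` lines for the references discussed above: floating tags such as `latest` or a major-minor series, images in a Docker Hub organization namespace, and floating tags whose last push is old. All image names, dates, and the `last_pushed` input are constructed; how real push dates are obtained is left as an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample: every image name and the digest below are hypothetical.
SAMPLE_DOCKERFILE = """\
FROM exampleorg/ci:latest AS ci
FROM --platform=linux/amd64 exampleorg/builder:2.4 AS build
FROM exampleorg/tool:1.2.3 AS tool
FROM quay.io/exampleorg/runtime:1.0.0 AS runtime
FROM alpine@sha256:{digest} AS base
FROM build AS final
""".format(digest="0" * 64)

# Constructed push dates, keyed by "repo:tag" (assumption: you collect these
# from your registry or mirror by whatever means you already use).
SAMPLE_LAST_PUSHED = {
    "exampleorg/ci:latest": datetime(2023, 4, 10, tzinfo=timezone.utc),
    "exampleorg/builder:2.4": datetime(2023, 9, 20, tzinfo=timezone.utc),
}
SAMPLE_NOW = datetime(2023, 10, 1, tzinfo=timezone.utc)

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
FULL_VERSION = re.compile(r"^v?\d+\.\d+\.\d+")


def parse_ref(ref):
    """Split an image reference into registry, repo, tag and digest."""
    name, _, digest = ref.partition("@")
    tag = None
    # A ':' only denotes a tag when it is in the last path component;
    # earlier it is a registry port (localhost:5000/foo).
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    parts = name.split("/")
    first = parts[0]
    if len(parts) > 1 and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, "/".join(parts[1:])
    else:
        # No registry host means Docker Hub; a bare name is an official image.
        registry = "docker.io"
        repo = name if "/" in name else "library/" + name
    return {"registry": registry, "repo": repo, "tag": tag, "digest": digest or None}


def classify(ref):
    """digest = immutable pin; version = full x.y.z tag; floating = everything else."""
    if ref["digest"]:
        return "digest"
    if ref["tag"] and FULL_VERSION.match(ref["tag"]):
        return "version"
    return "floating"  # no tag, 'latest', '2.4', 'lts', ...


def audit(dockerfile_text, last_pushed, now, max_age_days=90):
    """Return (image, kind, codes) for every external base image."""
    stages, findings = set(), []
    for line in dockerfile_text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        # 'FROM build' refers to an earlier stage, not a registry image.
        internal = image.lower() in stages or image == "scratch"
        if alias:
            stages.add(alias.lower())
        if internal:
            continue
        ref = parse_ref(image)
        kind = classify(ref)
        codes = []
        if ref["registry"] == "docker.io" and not ref["repo"].startswith("library/"):
            # Organization/user namespace: the case this thread is about.
            codes.append("hub-org")
        if kind == "floating":
            # A floating tag is only as fresh as its last push.
            key = "{}:{}".format(ref["repo"], ref["tag"] or "latest")
            pushed = last_pushed.get(key)
            if pushed is not None and (now - pushed).days > max_age_days:
                codes.append("stale")
        findings.append((image, kind, codes))
    return findings


def run_sample():
    return audit(SAMPLE_DOCKERFILE, SAMPLE_LAST_PUSHED, SAMPLE_NOW)


if __name__ == "__main__":
    for image, kind, codes in run_sample():
        print("{:<45} {:<9} {}".format(image[:45], kind, ",".join(codes) or "-"))
```

A digest pin never changes underneath you, but it also never receives patches, so a `hub-org` finding on a pinned or fully versioned image still means new releases may stop appearing at that address.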
Sometimes I want a container running the latest version of something. Maybe I'm integration testing my stuff against that release to make sure stuff still works. Or maybe I'm hoping a bug was fixed and will version pin later.
I agree that production software should version-pin all the things, but latest still has a place.
Deleting 'organization data' absolutely read that they would delete everything. Changing direction and back pedaling with a non-apology is borderline insulting.
I understand the need to make money as a company, but it really is biting the hand that fed, messing with open source maintainers.
I have no horse in this race, but fwiw, I can see how this mistake would be made honestly. Organization data could easily refer to just the metadata of the organization, and depending on how the product is structured[1], could feel quite different from public images.
[1] Disclaimer: I don't know how the product is structured.
With the organization data gone, will there be a way to update the retained images, like security fixes etc? If not, then this could become very dangerous.
Really, if they delete the org data and images can’t be updated, it might just be better to delete them all just to avoid these inevitable issues (maybe with a longer delay). Just rip the band-aid off and be done with it.
Neither npm nor NuGet are volunteer driven organizations. npm is owned by Github, NuGet is owned by Microsoft, and I'm sure that there are dozens of other examples behind many key pieces of free dev&ops infrastructure that are owned by for-profit companies.
Are they allowed to do it? Of course! Are we allowed to call them out on their bait & switch tactics? Of course, what else are we supposed to do?
Just because something is common, like building a user base based on implicit promises and then pulling the rug once the service reaches critical mass, doesn't mean it should be accepted and normalized.
You don't have to lecture me about the pitfalls of willingly relying on for-profit companies or the benefits of decentralization, but in the case of Docker we don't really have much of a choice unless you're suggesting that we don't use it at all.
Images are published wherever the author decides that they're published and these changes are going to affect everyone who relies on an image that used to be hosted on Docker Hub.
I understand you are in a difficult position, but this is a bit absurd.
> During that period you will maintain access to any of your public images.
The only reason that sentence would be in there is if after that period you would lose access to the public images! And from Merriam-Webster, "access", verb, definition two: "to open or load (a computer file, an Internet site, etc.) a file that can be accessed by many users at the same time".
> it wasn't clear what we were going to do about the images.
No, it was quite clear; after the 30 day period we would not be able to pull the images. That's what the announcement said. It was not ambiguous. That may not have been the policy or what was intended to be announced, but the issue here isn't a lack of clarity.
(Also, letting the images stay accessible but disallowing any changes is only marginally better than just removing them, so the current policy - whether or not it's the same as the originally announced policy - is still terrible.)
Write access is a subset of all access, so I don't think we can really argue that the plain meaning of the original statement was about removing write access.
But yes, a missing word is certainly a plausible explanation for how they issued a statement that meant the opposite of what they apparently intended.
But the original statement did not say all access, it merely said access:
> During that period you will maintain access to any of your public images
Assuming that the you in that sentence is the organization and not the general public (given the use of your organization earlier in the paragraph), the logical interpretation is that they meant write access here, and not all access -- since read access is not limited in any way to the you in that sentence.
Yes, I agree the original messaging was terrible. But claiming that the original can only have meant all access is not consistent with the wording of the announcement.
They are. Your intent may not have been contradictory, but the messages received by everyone else were contradictory. You should own that if you are serious about doing better. Your intent doesn't really matter in these situations.
Yeah, really weird that after an apology announcement they’re still defending the original message at all. Not too hard to say “Yes, those messages contradict each other. The first one did not communicate our actual plan. The second message is a correction and clarification.”
More cynically, the intent might be blaming image maintainers: since obsolete images that appear current are a problem, responsible maintainers will delete them before losing access; then Docker will be able to tell inconvenienced end users that the maintainers autonomously and unnecessarily decided to remove their images.
"During that period" refers to the 30-day period. During that time, the images are accessible. After the 30-day period, they will still be pull-able, but not able to be updated.
So, any public image where the maintainer doesn't jump through hoops gets frozen in time, unable to be updated, and starts accumulating CVEs? This sounds worse than deleting the image.
Any smart FOSS maintainer will find alternate hosting...
Can't believe how soon this announcement came after the redhat "we're killing centos support now, best of luck". It's pretty clear how this industry reacts to major support changes with no heads up.
This is an important implication that needs to be brought up in the FAQ explicitly.
In other words, the public repos are being archived. If I was a maintainer responsible for providing up-to-date and secure images, then I think it would indeed be my duty to delete them, if I am no longer able to update them.
> If you don’t upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that time, you will maintain access to any images in your public repositories, though rate limitations will apply.
Specifically (emphasis mine):
> During that time, you will maintain access to any images in your public repositories
So, the logical conclusion, which literally everyone else on HN had, was that after that time you will lose access to images in your public repositories; access meaning "we can get to the image" in this context, because that's what people f-n care about.
Not to mention the other part, about how Docker will still have images available for pull that can't be changed, for which there is no way to "forward" user pulls elsewhere if the developer chose to not pay the fee; so in effect you're capturing their user base with old software and almost no way to know that.
"DevRel" at Docker failed this week. Just own up to it, take the hit, and don't be evasive. Evasiveness is shady and no one trusts that bullshit.
Nah, it's this guy sitting in here trying to tell us how we're supposed to think, that it wasn't their fault we were stupid, that's the issue I have. I don't give a flying FUCK about Docker as a company; whether they live or die matters less to me than when I'll have to pee next.
No, you were not "stupid", and no one is claiming that!! In fact, Docker has gone out of their way to publicly apologize for saying something that was so inherently confusing that it led people--including myself, btw, and I don't even like or use Docker--to believe something they did not mean (that public image would be deleted). If they had written an article saying "we're sorry you're so dumb" I'd get your vitriol, but they are actively apologizing for their poor communication and trying to fall on their sword for causing a misunderstanding... what more do you want?!
Demanding human treatment in all circumstances constitutes a healthy outlook on life. Letting organizations get away with shady tactics should never be tolerated in any society. It may not change anything but it's still important for society to speak out against bad policies and bad decisions
Keeping them read only is literally the worst solution. Old images that can't be updated and accrue security flaws, all while uninformed users see the address still works and assume nothing needs to be changed.
Your corporation picked literally the worst way to do it.
>> Your corporation picked literally the worst way to do it.
I disagree. The worst way would be to make a blanket decision for all projects on their behalf.
This way they let the project maintainer decide.
For projects that don't get updated, it's better to leave them where they are.
For projects that are changing the maintainers can choose to delete (or move to a paid / OSS plan).
Choice is good, and giving that choice to maintainers is good.
The final act of goodness (and I'm not clear yet) is whether maintainers will be able to delete an image at some point in the future. Like say a year from now. Possibly by creating a paid account, and "reclaiming" that image.
Personally I agree that your advice to delete them may be the best option for most maintainers who have decided to leave. And they currently have the ability to do that.
Hence my assertion that your statement is incorrect.
You didn't address the issue of security. The problem with leaving it up to the projects is that projects won't necessarily respond, and we don't want the foundations of the next Mantis 26M rps botnet to get its start from PULL insecure:latest.
I wonder what a court would think about who'd be legally liable there?
BigCo or GovDepartment gets popped via a known exploit against a fixed bug in an OSS project, but GitHub has prohibited the project from updating the exploitable image they host without paying a ransom of $420/year?
Can the images be updated after the organizational data is gone? If not, is there a security concern, since vulns are likely to be discovered in future?
sooooooooooooooooo orgs that didn't want to upgrade are still left with users pinned to old address of the image with no option to push security updates?
I always am annoyed by how companies apologize for the communication or the confusion arising after the communication. As if we, the public, didn't understand properly or are too dumb to understand what they tried to say. We understood perfectly and the _message_ was dumb, not the communication around the message. It doesn't feel like an honest apology.
"No no no, the message in our contradictory communication is actually the message that you can interpret that contradiction with if you have this new piece of previously undisclosed information! How could you possibly have been confused by that? We are DevRel, we are communication professionals..."
rolls eyes OR, their marketing and DevRel departments and their engineering departments simply had a miscommunication; when it was realized, the present post was composed.
This kind of thing happens inside companies all the time, including the one you're probably working at right now.
I don't believe it was a miscommunication. Even if it was a company as important as Docker inc, mentioning DELETING containers requires some care and should raise some flags at any serious communications department.
This is not just the wrong date for a convention in the newsletter. What impact does it have on the ecosystem they've built? Some really serious projects use Docker and even if they have their own repositories can they be sure the software they rely on can keep publishing containers?
Even at the tiny startups I've worked on I'm asked to proofread any technical stuff they want to publish, I assume Docker does too.
This is why I believe that they changed what would happen after the pushback and are trying to hide that they changed.
In reality they were probably just going to disable access to updating all along and then maybe someday delete things, but didn’t want to say exactly that.
Both sound like "you won't be able to update them", so images sort of permanently squatted and growing tech debt, potentially vulnerabilities, etc. They should really allow for configuring the ":latest" tag to raise a 404 or something if this is what all that means.
Relying? I was assuming a 404 for "latest" might cause people to look into what happened with the image and find it's new home. Without locking them out of specific versions if they needed them for some reason.
Free Team organizations are a legacy subscription tier that no longer exists. This tier included many of the same features, rates, and functionality as a paid Docker Team subscription.
After reviewing the list of accounts that are members of legacy Free Team organizations, we’ve identified yours as potentially being one of them.
If you own a legacy Free Team organization, access to paid features — including private repositories — will be suspended on April 14, 2023 (11:59 pm UTC). Upgrade your subscription before April 14, 2023 to continue accessing your organization.
If you don’t upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that time, you will maintain access to any images in your public repositories, though rate limitations will apply. At any point during the 30-day period, you can restore access to your organization account if you upgrade to a paid subscription. Visit our FAQ [1] for more information.
This is the exact quote that was already up-thread of here, and they absolutely are not claiming they "never said that"; instead, they are clarifying that "organization data" does not include "public images", and while that's confusing, I can appreciate why they didn't think it would be and--lo and behold--they are publicly apologizing for being so confusing and taking the hit for having done so.
It's the very next sentence after that one that they are claiming has been practically universally "misunderstood".
"If you don’t upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that time, you will maintain access to any images in your public repositories, though rate limitations will apply."
The cynical devil on my left shoulder is telling me "Some smartass in an emergency meeting noted the ambiguity in that second sentence, and suggested let's just claim that 'During that time you will maintain access to any images' did not actually mean its obvious implication that 'after that time you will no longer have access to any images' and this is all just a big misunderstanding" - and that's how we ended up with this new "clarification".
The even more cynical devil on my right shoulder is telling me some actively evil asshole intentionally wrote that ambiguous sentence to give themselves a 'get out of jail card' in case complaints went viral...
No no no, you build your stack, transpile it to WASM, and run it on your user's phones! WebRTC to run a distributed shared database across every phone that's not behind NAT! No servers. No databases. No electricity bills. Your backend hardware fleet automatically updates itself every couple of years _and pays_ for it itself!
Given the CentOS shit, I'm not convinced jumping from Docker Inc to RedHat is appropriately mitigating the risk of a corporate rug pull once they've decided it's time for the next step in their enshittification plan...
It started as a CoreOS project and for a long time it was the only enterprisey registry, and it included security scanning. Had some availability issues some time ago, but AFAIK today it's pretty good.
If you want actual reproducible, actual portable software, Nix. Otherwise there are countless other OCI runtimes, cri-o, containers, etc. Kubernetes doesn't even use Docker.
What a thing, docker. I can't get over the staying power it has had despite... Everything.
I'm not certain what "ecosystem" means in this context, but you can build docker images using Nix. It's actually pretty cool because the image only contains the runtime dependencies of whatever you throw in the container. No package manager or build system is included. I've only tinkered with Nix, nothing in my professional life, so YMMV.
I'm super interested in the ecosystem you mean here. I'm assuming that you mean ecosystem around images like kubernetes, ECS, etc like the other commenter guessed?
If so, I think Nix being able to create docker images addresses that specific concern.
I can easily install many apps hosted at the Docker hub but how would I achieve that without Docker hub, unless everyone starts hosting things elsewhere but that'll take a good while assuming the community's consensus is to ditch Docker altogether.
Or do you mean run as in "use docker image(s) within a nix expression". Like if you have a webapp with a nix devshell but want to start the docker postgres container for development?
This is just a big "fuck you" to non company supported open source projects, as it turns out even ones labelled "sponsored css" on Docker Inc's own website.
Which are all clearly insignificant and unimportant, dumb little command line utilities and libraries like, say, curl...
Hi, ah... perhaps I'm an idiot for asking, but why does a near-ubiquitous system utility like curl need to be installed via a container? Is it not available on something like Alpine... and if so, then maybe it should be?
It's like saying I have to install `vi` via Docker... please don't tell me vim has a Docker hub repo too...
WotC tried to retroactively revoke an open gaming license that had been in widespread use since 2002. They had a legal theory why they could do this, but that theory contradicted quite a few public statements they had made on record. IP lawyers had very mixed opinions.
Many TT-RPG players enjoy reading rules carefully and figuring out fun ways to "exploit" them. So everyone jumped on WotC's changes and dissected the implications. And many companies in the larger ecosystem quickly announced plans to ship their own games competing with D&D.
WotC decided to back down and to just use Creative Commons, which largely resolved the immediate issue.
My first reaction to the news was "ok, net positive, unmaintained images will get cleaned up and break builds, and fewer people will then be bit by vulnerabilities in unknowingly used abandoned layers". But I guess not?
That depends on what "organization data" means. Does that phrasing cover the images or just the existence of the organization in Docker (i.e. deleted organization)?
Isn't that like a service like Github saying 'you will maintain access to any of your public projects' as in administrative access to one's own projects. After that period, you are no longer the owner of that repo and you no longer have "access". So I can still clone your github project but alas you no longer can commit to it.
Doesn't sound like it to me. If they meant "administrative access" they should have said "administrative access". They didn't, they just said "access" which unambiguously means just "access". Would've been very easy for them to make a one word correction somewhere in the dozen or so people who should have read this before it went out. But they didn't, they just said "access". If they wanted unambiguous meaning, they could have easily just said what they meant.
Well, methinks otherwise. Lack of access does not mean files deleted. Organization data deleted means account deleted. Contention here was the claim that they have done a uturn but they never said they will delete images. This entire somewhat useless thread is about whether lack of access actually meant images deleted. (Administrative is a word that I used in my comment and a red herring to pick on, quite frankly.)
> They didn't, they just said "access" which unambiguously means just "access".
Not only that, they said access to your public images. Not "access to your account" or "access to your project". They explicitly mention "any images in your public repositories" as a thing that you will "maintain access" to "during that time".
I’d say that’s a very substantive comment. The fact that you don’t want to hear it does not affect the substance. Of course, I realize I’m saying this on a site that literally makes unpopular comments harder to read lol, and where I’m only allowed to post ~5 comments at a time, meanwhile nobody will tell me why.
Edit: I just took a look at your recent comments and they seem mostly fine—and some are very good (thank you!), so I've removed the rate limit from your account. I'm taking a bit of a risk in doing that but if you'd meet us halfway in good faith, that should be more than enough to solve the problem.
One of the difficulties of public relations is communicating to multiple audiences at once. One of Docker’s audiences is the paying customers who are outside that 2% and would want some assurance that if docker makes errors, those errors are smaller in magnitude. This statement seems like it is aimed at assuaging the worries of that audience. Is it good practice? I do not know.
Is that a serious suggestion? Who on earth would take the time to look through all of those to see which one best fits them? Companies have enough trouble getting press releases read already.
I guess then you could use some heuristics and ChatGPT to tailor the press release to the particular viewer.
For example if the user has a screen resolution of three 4K monitors side by side, using Linux, and coming from a Silicon Valley IP address, they are probably a developer. If they have the screen resolution of an iPad Pro and a New York IP address they are probably an executive on the go. The HTML5 accelerometer API might also say something about whether they're reading your press release in bed, while sitting, or standing. Use ChatGPT to reword the press release appropriately.
This is a genuinely terrifying vision of the future. Already things like prices may differ based on one’s location. Adding content writing AI to the mix is positively dystopian.
What if you are a "closed source developer" at work but an open-source one during your free time? What if you are a billionaire who codes? What if… etc. You could make TL;DR's targeted at specific audiences, but you still need the same introduction for everyone.
The 2% they’re referring to are businesses that are using Docker’s hosted services for free. The majority of the outrage was from people thinking about the non-business users, that is, open source projects, which Docker unintentionally implied would be impacted by this change. Docker are apologising for their poor communication which made people think this change applied to more than just a tiny portion of the user base (who are probably happy to pay). They’re not apologising for the change.
Anybody who uses "docker pull" or "FROM" and not pointing at their own hosting or their own paid Docker account was affected as evidenced by the thousands of comments worried about the impact.
> We’d also like to clarify that public images will only be removed from Docker Hub if their maintainer decides to delete them.
> Will open source images I rely on get deleted?
> Not by Docker. Public images will only disappear if the maintainer of the image decides to proactively delete it from Docker Hub. If the maintainer takes no action, we will continue to distribute their public images.
People may have thought they were affected, which is what they seem to be apologising for.
They also are saying the maintainers will be unable to update the images after the 30 days. So the panic and bitching are perfectly deserved: https://news.ycombinator.com/item?id=35188691
For TEAM accounts that aren't "Docker sponsored open source" teams.
They should allow a TEAM->PERSONAL conversion for any open source account that doesn't qualify to be "Docker sponsored." But really this is a communications fail more than anything.
This only ever applied to the *Team* accounts. I have a paid non-team/personal account, but I am also aware that I could have a free personal account if I didn't need private repositories.
In other words, they weren't clear enough in their communication, which is what they're apologizing for.
But the internet outrage mob is going to yell about the evil of The Man no matter what I say, so I don't know why I bother...
> Less than 2% of Docker users have a Free Team organization on their account.
I don't think so. The quote above is what they say on that page, and I think that is a pretty useless metric. It affects 2% of all Docker Hub users, 100% of all Free Team users.
Ever wonder why Google outage notifications always say stuff like "this impacted 0.01752% of users"? Because if they leave that out, the PR department ends up flooded with questions from reporters about "how bad was this outage, exactly?", and less-diligent publications running "Google suffers massive outage" headlines.
It's really misleading though, as it only reflects the owners of the images. Presumably I should count as an affected user if I don't own the image, but try to download it.
> If you don't upgrade to a paid subscription, Docker will retain your organization data for 30 days, after which it will be subject to deletion. During that period you will maintain access to any of your public images.
That sounds a lot like the public images were subject to deletion. At the very least, subject to being frozen in time and not updated/updateable, which can be worse in some cases.
It's worse than just handwaving, it's straight up nonsensical. Perhaps it is literally true that only 2% of distinct accounts that log into Docker Hub have this plan, but for the vast majority of people "using Docker Hub" means "pulling public images from Docker Hub", not "logging into Docker Hub", so by a more reasonable criteria (say % of images pulled) I'm sure it's at least an order of magnitude greater.
Yea. I don't think it's necessary to even add that part since it seems the only reason they are responding is due to the negative backlash from the open source community. The fact that they added the % appears to me as an attempt to marginalize and compartmentalize the perception of this decision so it doesn't spread into the perception of their paying customers. Good luck with that.
(Note: I'm neutral on the main issue of whether Docker's moves are evil, etc. I don't really care)
To me this "This impacted less than x%" business is more of a classic Apple damage control PR statement, designed to convey to the whole userbase, "You almost definitely aren't affected, it's just a tiny number of whiners making all this fuss, and look how small they are!"
I think that was an attempt to describe that the change won't delete tons of projects like many believed, and break downstream users, not that it was too small of a group to care about.
Also, the 2% of the impacted users might have 50% of _all_ users as a dependency (just throwing out a random number for illustration), so I'm not sure that the "2% users" messaging matters to the recipients of that PR.
> 'We're sorry we mistreated you, look how small you are to us.'
They could choose not to share any data, which is what most companies default to.
You're complaining about something so small as if they aren't handling this entire thing beautifully at this point. They noticed their mistake, and corrected it swiftly to keep the community from bifurcating. What else do you want, exactly?
No there isn't. This is entirely subjective and you're acting like they said "Fuck our customers" when they just shared data. Anything you want to imply beyond that says more about you than it does about any part of Docker.
> The first implies that they have up to 2% of users which they don't respect, and undermines their apology.
Where does this implication come from? Why is Docker not given the benefit of the doubt when they are already extending an olive branch...? This isn't Microsoft.
I guess if you want to change things, you should shoot for a position in PR at docker. Otherwise, you look like a rube for acting as though they "could have done better with one sentence." I bet you're fun at parties.
They said they intend to delete customer data if they don't switch to paid plans: this means "fuck our customers", collectively and indiscriminately, not only the selected foreclosed accounts but everybody that depends on them.
> They said they intend to delete customer data if they don't switch to paid plans
Customers who are running businesses and knowingly breaking the ToS? I'm not sure why businesses like Docker aren't allowed to defend their revenue.
It's actually pretty hilarious how many of you are coming out of the woodwork to attack Docker, they are not the enemy in any way, shape or form and if they disappear you're gonna miss them.
Personally, I expect what I paid for from a free service, and I consider depending on gifts and uncertain platforms a reckless risk.
But, as a business whose prosperity depends on the goodwill of masses of users, Docker can and should "defend their revenue" in a way that minimizes collateral damage in the form of
1) gratuitous bullshit, untrustworthiness, lack of transparency, and perceived evil intentions (e.g. their second announcement)
2) technical uncertainty and security risks (for orphaned images of uncertain status)
3) inconvenience, without additional revenue, to the vast majority of users that aren't included in this shakedown
There are rational businesses and there are businesses that drive away their customers; in the long term, the former tend to "defend their revenue" much better.
It feels like people just enjoy digging into outrage - this sort of nit picking at specific phrasing in communications is baseless, and happens for literally any incident where an apology is issued.
It's wild how the same people will complain that some corporate missive is completely content-free while at the same time punishing any attempt at earnest communication by scouring the missive for a raised edge to take offense at.
The 'problematic' phrase is right before the section detailing who is not impacted - which is what many people are going to want to know! "Wait, should I be worried about this?"
This is an example of my point actually - these types of posts are magnets for people that cannot be pleased.
Agreed. It's frustrating to see companies try to downplay the impact of their mistakes by using statistics like "less than 2% of our users." Companies NEED to take responsibility for their actions and show genuine empathy for those affected, rather than trying to minimize the impact of their mistakes with vague statistics.
The "2% of our users" is indeed misleading since most users don't run organizations, and it's mainly orgs that were affected. A better metric would be what % of orgs were impacted.
Compared to the recent apology from Fly.io [1], Docker's corporate apology is terrible. Fly's was open about the struggles they faced and how they feel about it, empathetic to their customers, and came across as genuine (also reinforced by mrkurt's active follow up both in their community, as well as here on HN).
Docker's on the other hand is none of that, and full of corporate PR red flags:
- "This only impacted less than 2% of our users" signals that they're not really sorry. It tells me they see this as a 'loud minority' problem
- "This does not affect [list of 6 other types of subscriptions]" -> signals the post is partially being used to promote the other subscriptions. Reinforced by the "what are the benefits of a Docker subscription" at the bottom.
- It's still unclear (to me) what is the actual implication for some of the non-official open source projects here. On the one hand they say: "Public images will only disappear if the maintainer decides to proactively delete it from Docker Hub". Further down they mention "we will defer any organization suspension or deletion while the DSOS application is under review". Clearly they do intend to suspend organisations, but maybe let old images remain? Then the problem remains, as it prevents future updates.
Despite what it tries to say in words, (for me) this post just reinforces the initial signal of both not understanding and not caring about the open source usage.
> It tells me they see this as a 'loud minority' problem
I don’t think that’s what it is. I think it’s minimizing. Don’t worry, it’s only 2%.
The problem is that’s 2% directly. If my organization has a Docker license, we’re not affected because we’re commercial.
But that’s not true is it? If we use Docker there is a very good chance that we use or base some of our images on open source images. We’re affected indirectly.
I admit it’s probably not possible to measure, maybe even estimate.
But the total number of organizations this change will be a problem for is way more than 2%. And they don’t want to admit it.
If they are listening to feedback, first is that a 30 day timeframe sends the message that "we feel our profit is more important than whatever else you are working on, so much that you should either pay us, or if you cannot afford it, immediately halt your other activities to reduce our costs." None of that builds trust.
As someone affected, I'm ok with paying.
* I don't like feeling tricked
* I don't like feeling held hostage
* Make your changes in a manner that preceding the announcement with "SURPRISE!" wouldn't be fitting
This was done with no notice--basically a bill for RIGHT NOW with no warning, and it seems that the only reason for that was greed? Docker just hit 100 million in ARR. I mean, really, you can't afford to roll this out gracefully?!?
Docker Hub has become deeply integrated into the workflow of development/pipelines/runtime environments/etc. Announcing something like this with 30 days notice is extremely insulting. They're a software company (maybe not...?) and should be well aware of the amount of interruption that a 30 day notice on something like this causes.
I don’t think I said anything about possible or impossible. But their revenue is only one part of the equation. If you don’t know the other numbers, it’s not particularly useful to say here’s a big number they must be profitable.
When they did the "it's not free anymore" rugpull on Docker Desktop, I couldn't use it at work anymore since they wouldn't invoice us for less than a 50 seat license. Unfortunately, a lot of businesses won't buy things without invoicing for legal reasons.
It really upset me because I had a pretty solid workflow with docker desktop on a mac. Now I can't use that anymore. I am not surprised they continue to make foolish moves trying to monetize their software.
I get it, you need to monetize your software... but this is dumb.
Hey! They decided to do invoicing, after all! When they couldn't find a way to take purchase orders in the initial license obligation round and we were going to have to go through a third party licensing service to pay, we did a little math, and realized that it was cheaper to let one of the guys on the DevOps team create and maintain the customized WSL install option, with the bonus of steering the developers to our internal registry out of the box, because we really don't want devs pulling stuff directly from Docker Hub without any sort of traceability, much less (shudder) pushing anything there. The prospect of having to manage hundreds (or more) of user accounts with SSO "on the roadmap, pinky swear" pushed the math over the top.
Many months later, this is still proving to have been a good call.
Moral of the story: do not try to shove a category change on large corporations without having basic things large corporations routinely require in order to give you money, especially if replacing you requires a lot less spend on extra internal labor and material than you're demanding to be paid.
Yea the WSL option is what most places I know are doing. Unfortunately, I like using MacOS so it won't work for me haha. I don't trust the team writing the generic free version for Macs.
On the other side of the spectrum, working somewhere that would have purchased thousands of licenses, they were equally unaware of what larger corporations want or need for such arrangements.
They were so blinded by giant dollar/Euro signs when insisting that we take loads of those ~20/month licenses that included a lot of things that are anti-features to most enterprises (we need to prevent people from pulling/pushing to Docker Hub!) but left out things that would make it less miserable (SSO/SAML), that they couldn't see that absolutely no one was going to put five figures on their corporate card each month.
I see that they now have those things, but it would have been very clever to have asked a few potential customers about these things ahead of time, and made sure they had them as soon as they stuck their hands out... or had a few ex-corporate types around to run this all by before telling us that we will be buying Docker licenses within 120 days for everyone who happens to have Docker Desktop installed. At least they were savvy enough to realize that large companies couldn't have begun to cope with much less notice, but as it was, the rough start with a looming deadline was enough motivation to get us trying alternatives right away.
Ah, the good ole "my company won't pay for a $5/month tool that I like because the tool maker won't invoice my company for less than 50 users, so instead of paying $5/month myself on my credit card, I literally 'can't use it anymore' out of principle."
That's literally how it works in big corps and how it should work in general - company property should be paid for by the company, and the company's liability in case anything goes wrong.
You should not be giving your $x (it does not matter that it's only 5) to the company.
I love big enterprise, where ten people can have daily meetings for a month to decide how to pay a few hundred dollars.
Yes, this happened to me. More than once.
No, you can’t just pull your wallet out and offer to pay for it yourself with cash. You’re not an “approved supplier” and it’s the supplier that needs to provide warranty support.
Also if you pay for it yourself, then you’re providing it as a “gift” and that could be construed as corruption — unless you’re reimbursed, but it’s above the threshold…
This whole thread has given me flashbacks to that time when the project manager broke down in tears and put his credit card back in his wallet…
Big companies have people around whose sole job is to make sure that all software that needs to be licensed, is licensed, and that these licenses are the exact ones that meet the providers' rules. This usually means that you are not allowed to use a personally-owned license on a company computer.
Why?
Because the consequences of getting this wrong can be far more expensive than whatever productivity gains you, the individual employee, claim to be achieving.
Docker, for example: we had absolutely no interest in individual users directly accessing their online features (we took a bit of trouble to block them, in fact), so theoretically, the free Personal licenses should have been fine. No.
Ok, so just have each Docker user pay that $5 themselves. How do we make sure every person who has Docker installed on their PC really is paying for a license? Even if we gave them all corporate cards, and Docker was going to be cool with several hundred accounts (or more) from the same domain not being on the "Business" plan, we then get to set up a process with Accounting to make sure the PC scans match the payments.
This might all sound ridiculous to start-up/boutique employees, but is a basic fact of life in corporate IT... which Docker was hoping to get a lot of money out of.
What are the 'consequences of getting this wrong'? Surely if a company has 'y' users all wanting to use a software product that company purchases y+1 licenses just to make sure they are covered.
The problem is a company wanting 'y' licenses more often than not wants a y where the y is 1 and they're not looking to engage the thought of making a y+1 purchase.
However, they still want to be invoiced for the purchase and have their payment come 30 days later, which will require many additional hours chasing that late payment that comes 45 days later.
Yet somehow, they don't understand every scammer uses the exact same approach, but of course the scammer never bothers with the pretense of offering to actually pay any late bills, so in fact scammers cost the software provider less in the way of lost time.
If your company can credibly show that we knew that there were instances of your product running on several hundred of our PCs, but we can't prove that we were paying for the licenses, you can sue us for a lot more than those licenses would have cost, depending on where you're located and where we have official presence. You might not win, but you're still going to cost us a lot of money and time. Relying on tens of thousands of users to potentially manage their own licenses for thousands of products would be an absolute nightmare.
But why do we know what users have installed on the PCs assigned to them, aside from the licensing? When your product has a security hole (and unless your product never, ever talks to the Internet or other devices, it will someday), we need to know exactly who has it so that we can force them to patch. Again, tens of thousands of users with potentially thousands of products that need to have security issues tracked. Nightmare.
So if your custom software house** doesn't want to sell us your product in a way and provide management mechanisms that we feel comfortable with, then we'll find one of the many that does, or is happy to work with our preferred resellers. Or we will help departments redesign their processes to not need it.
Corporate IT cares deeply about what managers want, as they pay the bills. If they want your product for their subordinates, we will work to make that happen in a way that keeps our legal department and IT security management happy. Corporate IT cares deeply about users being able to use the products and services their managers are paying for. Corporate IT does not give a fig what individual users want, if they can't get their managers to pay for the cost of us dealing with that new product.
Negotiating license agreements and tracking usage, as I said before, is a full time job for several people. I am fortunately not one of them, but I've worked with them when supporting products within the company. Large companies do not employ these folks out of charity.
Corporate IT and corporate life is certainly not for everyone. Corporate IT doesn't work this way because we're humorless prigs; it works this way because there are billions in sensitive data and intricate production processes to protect, and tens of thousands of well-meaning folks who are competent in things other than infosec potentially providing network access to people who are not well-meaning.
If you want that sweet sweet corporate cash, figure out how to accommodate their purchase and IT management processes. Software resellers may be a good compromise. If you don't want to deal with corporate purchasing, don't be upset when a lot of your potential users end up with someone else's product.
** Anything smaller and more niche than SAP may as well be a "custom software house".
Too late to add this edit: now that I've thought about it for a bit, I think that many of our software purchases are via software resellers. One of the main reasons is that getting a new vendor approved by Accounting for payments is a slow, painful (to us) process that involves Legal (contracts!). As I'm neither an accountant nor a lawyer, I'm willing to accept that they have good reasons for their processes (preventing me from easily funneling money to a relative, for example) and just see it as another fact of corporate life instead of railing against it. In return, they do us the courtesy of accepting that they can't just install whatever they like on their PCs.
Legal is often still involved when it comes to new software products, because, among other things, there's GDPR. Oh, and Works Council.
My main point remains unchanged: relying on tens of thousands of end users to manage their licenses is something that large enterprises just can't do, so we end up with rules that seem draconian, and you, the hopeful seller of software/services to be used in corporate environments, will benefit from understanding how we work, even if you think it's stupid.
I assume they mean Docker issues an invoice which the company's AP department can then pay by either cutting a check or ACH transfer. At least that's what we had to get all our vendors to start doing when the company I worked for killed off corporate cards and quit letting employees expense things like this.
Pretty hard to get NET30 invoicing on a transaction which is less than $450, especially if you've chosen the monthly plan. It's just not worth the labor chasing an unpaid $450 invoice every damn month.
Their open source program [1] only grants a free 1-year Docker Team subscription. After which time the whole system is unusable. And most of those features aren't what open source teams even need which is surely just basic multi-user access.
They really should have just tightened the entry criteria for their open source offering if they were so concerned about it being misused.
Too little, too late, everyone I know is looking for ways of leaving docker for good. This last announcement just cemented the lack of confidence in the platform. As someone put it to me recently: "a bunch of execs trying to squeeze out a dying platform for a bonus before moving to another money squeezing project." At work we made the plan to leave today.
(Docker DevRel team here) For clarification, the program grants one year of access, but is indefinitely renewable as long as the program is still compliant with current criteria.
Thank you for the clarification. For reference, are there any open source projects you've seen that suddenly change course to being paid products and would lose open source status according to Docker? Any Linux distros that suddenly went closed source? Are there any sort of general public licenses that might preclude projects from even doing so?
Say a distro sells laptops with the distro pre-installed while also providing the same image online and might also sell consulting services to companies utilizing the distro.
According to my understanding of the terms of Docker's open source program, even if said distro was fully open-source and run by a non-profit they would be non-eligible to participate in the program.
Is this renewal automatic? Having to go recertify with docker once a year for my tiny open source project that we happen to have an image for is literally infinity percent more hassle than I would like to deal with.
I think they mean it impacts less than 2% of user _accounts_. Not every account is created equal. If you were an open-source org with millions of image downloads a month, having your org deleted would have an outsized effect on the community. Many more Docker Hub users than 2% stand to be affected by these changes, even if the nominal value of 2% of user accounts is accurate.
Also, this "apology" does not feel even 2% apologetic. "I am sorry you misunderstood us" is not an apology. They're running the seldom used "docker pull gaslight:latest" command.
Oh my, have you run a `docker search gaslight`? I just did and it looks like docker hub is being used to distribute ebooks? WTF... This is why we can't have nice things....
Not quite distribute, it feels like spammers are using dockerhub pages as a free publishing platform for posting links to even more scummy websites in promises to get free ebooks and full hindi movie downloads and my favorite "cleanmymac-x-443-cracked-activation-code-hot".
Docker probably should've started their purge there, not with FOSS orgs...
I stopped using Docker entirely after the Moby mess, when Podman came around without needing a daemon, and better runtimes became available for Kubernetes. It's been the inferior product for a long time, only kept alive by the dev mindshare they gained early on.
It's synonymous with "containers" for a lot of people. I know a lot of groups that use docker to build containers and other infra to run them.
Too bad the company screwed up turning their technology into a real business, or taking a graceful massive exit when they had the chance. Their VCs doubtless pushed them towards an IPO when they didn't really have a solid revenue plan.
Once they started nagging / forcing / tricking people into paying for what they had offered for free, the company was doomed. The "+WASM" branding all over their website reeks the sad desperation of a has-been coulda-been. Sorry folks, you built cool and important technology, but that's not good enough if you're greedy.
> You can migrate from a Free Team organization to a Personal account by opening a support ticket. No action will be taken against your account while your ticket is being processed.
This company raised $400M+ and they cannot be arsed to implement a feature to change account types.
I have nothing against Docker Inc. But it's worth noting that this kind of screw up happens when your company, from the top down, does not practice a culture in which empathy/compassion for people comes first.
In all areas of the business, everyone should first be thinking, how does this impact the people using this thing? Have I talked to them? Do they understand what's happening? Do they have concerns? Have I fully addressed them? Is this going to make their lives harder, or will this be scary, or confusing?
It's my biggest pet peeve. Both as a user and an employee. If you don't take the time to care, it's really obvious, and an easy way to piss people off and inconvenience them. From a business perspective that drives customers to your competitors and makes employees quit. From a personal perspective, it's just a dick thing to do.
* "public images will only be removed from Docker Hub if their maintainer decides to delete them"
* "Public images will only disappear if the maintainer of the image decides to proactively delete it from Docker Hub. If the maintainer takes no action, we will continue to distribute their public images."
This sounds good, but it would be better to explicitly say "if you opt to let your free organization be suspended, Docker Hub will continue distributing your public images indefinitely anyway". It feels like there's a loophole here where if a public image comes to have no maintainer - because they abandoned its organization - then it no longer benefits from this assurance. That seems unlikely, but given how this change has been going so far, it's tough to give Docker the benefit of the doubt.
Would be worried that the old images will still be distributed, but if an open source maintainer needed to push an update (e.g. for security reasons) they'd need to sign up to the paid account
1. Let any user have as many "free teams" as they want, but restrict the image size (under 1GB?) and/or downloads (under 1,000/month?). Maybe let the community vote for open source images exempt from this restriction.
2. Run a free link redirect service: user registers my-team on hub.docker.com, links my-team/my-image with their preferred registry my-registry.com, client-side docker pull my-team/my-image resolves automagically to my-registry.com/my-team/my-image.
3. Let paying teams sponsor free teams. Maybe allow multiple organizations to sponsor a single team. (The free team should be able to refuse sponsorship on a case by case basis)
Ugh. We war-roomed, and subsequently kicked off a big project this morning to replace most, if not all, docker in our infrastructure and dev systems with podman.
The first messaging clearly read to me that they would delete everything (including images), the second just seems like they backtracked internally despite claiming a different meaning for the original message.
If Docker had any sense of leadership and community, they would have predicted that this petty extortion would have caused severe damage and loss of trust.
This is irrational, self-destructive greed, not the more usual transparent and regretful removal of generous pricing plans and unsustainable services that dotcoms have made the public familiar with.
If you don't meet the strict criteria of the Open Source Program, for example you are a for profit company publishing an open source image, you can't upload new versions of your public images. Your images are one CVE away from becoming useless.
If you do meet the criteria, they will build images for you. No way to have your own build process. All artifacts are made public.
I don’t get the hate of Docker as a company. Yes, this is crap technology that incentivise resource inefficiency at its peak form, but this is how stacks like ruby or python are at least working. Still, docker org invented all the tools, gave them for free, promote, document and support them, gave free global registry that can be filled by anyone and contains petabytes of trash, with free thousands of terabytes of egress monthly. They gave away all their intellectual work to RedHat/bazaar and participate in development of “open standards” for free.
And now when they take away some expensive toy, developers became hostile and call them unreliable.
i love Docker, but i think people by and large forget that OCI images are a thing, and that ultimately we are talking about slightly complex tarballs here.
i do think Docker is squandering an insanely privileged position here, even if i'm not particularly invested/dogmatic personally about Docker as a brand. only every so often does a company become a member of the popular lexicon -- an Uber instead of a Taxi, a Kleenex instead of a tissue -- we pull Docker images every day even though they are actually OCI images, or hosted on GitHub.
this privilege is insanely huge and it is one granted through technical aptitude, intense problem solving, commitment to open source and tooling, and so on, that the Docker project displayed for its first two decades or so of existence.
where it fell off that wagon as a brand, and misaligned with its technology, i don't know. this is just one person's 2c.
All the discussions from the Docker team regarding SystemD feel like they want to push Docker Swarm and see SystemD as a threat to their business model. It would not surprise me if they downtalk Lennart Poettering on a personal level.
Also to this day if we want to set up complex test scenarios we need the --privileged flag to run Docker in Docker.
i think the hate comes from them squandering a position of their magnitude, built upon the investment and trust of the open source ecosystem.
github set a precedent with free public repos, but they traded the cost of supporting that for being the canonical way to store source code online (or as close to it as one company can get).
docker accesses this privilege but then demands that open source people, who are by definition not paid for their work directly, must pay to host images on their branded platform, the one which guarantees them a place in the technology hall of fame.
the double-punch of that failed remunerative trade ends up feeling to that community like a betrayal; not to mention the self-defeating strategy it embodies, since a technical solution here is not only possible, but would be expected from a company granted that position and privilege in the software supply chain (technical aptitude / excellence).
at worst it is a betrayal, at best it comes across as lazy, because they are not reaching for a technical solution which can satisfy every constraint; they are satisfied launching one that merely satisfies their own needs, to the detriment of the community that supported them.
This isn't a good clarification. While Docker says they will not delete images, it doesn't clarify whether they will delete organizations. Indeed, under "Can someone else squat my namespace?", it says "if your organization is suspended, deleted, or you choose to leave Docker voluntarily", which implies that orgs may also be deleted involuntarily. This is still a problem.
> You can migrate from a Free Team organization to a Personal account by opening a support ticket. No action will be taken against your account while your ticket is being processed.
Support request sent, I wish they were more clear on what "Topic" and "Severity" this kind of request falls into.
#HugOps to the tech support team that's going to be flooded with requests.
(from the Docker DevRel team) Ha! Just had to say... this gave me a good laugh! We're trying to get better... I swear! Comms are hard. We'll get there.
Appreciate it. I'd advise to try hard to not be dismissive of even the more snide and flamey comments in this thread - their interpretations are valid from what I see posted so far.
> Please consult the Organizations page of your Docker account; any affected organizations are labeled “Docker Free Team” in the “Subscription” column. Less than 2% of Docker users have a Free Team organization on their account.
Interesting theory, but no; my account is paid, but I'm using third party images that are rather harder to verify.
It's almost becoming a cliche for companies to release damage control follow-ups like this after they pull a bait and switch.
It's always "we're sorry that we didn't communicate our bait and switch effectively". Not we're sorry that we pulled a bait and switch. We're sorry you didn't understand the value in this bait and switch. It's your fault, actually. But we're sorry you're angry. Now stop giving us negative attention.
This speaks to the product culture at Docker. They are unable to admit they are changing direction after negative customer feedback, so they are pretending this was always their plan, and shifting the blame to their customers.
It is similar to pseudo-blameless engineering cultures, where engineers won't admit to bugs, or update the status indicator, lest they face the shame of writing a post mortem, or having it brought up in their performance review.
This is somewhat an extension of modern politics, which is largely seen by political professionals as a problem of "messaging", where policy details are secondary to how people can be persuaded to think about those policies.
The forces of capitalism reward this, it will continue to happen as long as we pick pure capitalism as a system, and keep assigning values to companies purely on financials with no consideration toward their ability to empathize and communicate.
There's no such thing as "pure capitalism" – not if you're talking about things that exist.
In an ideal free market with perfectly-rational omniscient actors, this issue wouldn't occur. I don't think you even need the omniscience: trust, memory, reputation/vouching and basic game theory should be sufficient (though I haven't proven this). Alternatively: a free market with contracts, where all things go through the system, would work.
In the real world, the system consists of people, each of whom is optimising for a particular thing. Very few people are optimising for "make the most money, at the expense of all else". Show me anyone (even a billionaire), and I'll show you somebody who values other things higher than the accumulation of money. And plenty of things don't go through "the system of capitalism": we have commons, and volunteers, and favours, and coerced unpaid labour / wage theft.
"The forces of capitalism" might be a good shorthand for the reasons behind this problem, but it's not strictly an accurate one: these issues aren't inherent to capitalism. They're not problems with capitalism, but problems with this system. (Capitalism does have other, different problems that are pretty baked in, like how capital is power and power lets you accrue capital, but I don't see how that relates to this issue.)
This feels like a win for capitalism to me. The actually innovative thing Docker did is open source, and replacements already exist for DockerHub. So, we get the good tech they created, and the company with the user-hostile choices dies, or becomes irrelevant.
They say that their separate "open source program" (DSOS) is completely better than Free Teams. Why didn't they just migrate everyone on Free Teams to DSOS and then worry about the qualifications for those migrated afterwards (and less stringently)?
And why don't they answer for nearly a year after submitting a request, only to THEN ask to resubmit the request with an improved form or something. After which everything goes back to silence?
I'm afraid that I don't accept the apology. You are taking money from my organization, making it hard for my organization to administrate the users you ask money for because it is not enough seats and then communicate something that I can construe as having potential for a supply-chain attack on my production environment. I get it you need to make money, but without SSO for smaller enterprises you have us and them scrambling for alternatives.
Layering vendor tools in boom times is great! Free offerings are generous, tools help enormously getting greenfield projects started. We can pipe tools together and with a shiny new front end we can bring a new product to market in days, maybe hours. We can even release our own tooling as frameworks, a nice career boost to developers involved.
Then comes the crunch times, and suddenly random vendors can rug pull your entire operation.
Yet we keep doing it every boom time because it's so easy!
Monetizing what we took for granted as available for free has really rubbed everyone the wrong way. I've noticed teams are much less likely to request paid Docker Desktop, especially since there are perfectly suitable free alternatives nowadays. We all use either native docker engine on Windows + WSL2, or the MIT licensed Colima on Mac. Honestly, Docker Desktop was always a fairly heavyweight and cumbersome app with a very high opinion of itself.
I expect a third round of apology emails from Docker with less gaslighting and real numbers of how this affected 20k users.. or maybe more, not in a 2% format.
Depending on how this goes I might let my purchasing department know it's time to cancel our enterprise subscription with Docker. I have an IBM RH corp account and would much rather pay RH at that point because Docker is burning all of its cred in the dumpster out back.
So we need a generic artifact repository (containers are just one type) that also maintains an SBOM (with a machine readable format, e.g. SPDX) for the artifact content.
Is anyone going to fund that?
We have a way to do that with git (and signed commits) that covers source code.
Is there something that someone can build out of P2P/IPFS/? that would allow that to happen, including some form of search/identification?
Why should remote image storage rely on relatively slow and complex resilient and extremely scalable P2P distributed technology instead of just downloading big files and verifying digital signatures from one authoritative repository?
> ...we recently emailed accounts that are members of Free Team organizations, to let them know that they will lose features unless they move to one of our supported free or paid offerings. This impacted less than 2% of our users.
What percentage of those orgs / users hosted popular docker images? Surely, 2% is a small enough number to warrant a public apology?
Can't they just idk release a list of the images that are likely to be impacted unless the owner takes action?
I don't care much of the business decision, it's their house.
I care for the persons I support who use docker and I don't see a way to prepare them without sounding like a crackpot and looking like a fool if, after making noise, it turns out they aren't impacted.
So can team members still push security updates to an image on a public team account that’s not in their FOSS program? It’s still incredibly unclear if this is allowed, or if the existing images will be frozen in time until someone pays for the account. Still a nightmare for CISOs that rely on the ecosystem.
> For those of you catching up, we recently emailed accounts that are members of Free Team organizations, to let them know that they will lose features unless they move to one of our supported free or paid offerings. This impacted less than 2% of our users.
Why do you really want to kill those 2% of your users?
It baffles me that, for such small quantities, they don't just "grandfather" existing users and only change conditions for new signups.
The insignificant problem would sort itself out in time, instead of creating a lot of friction and a plume of dumpster fire smoke, for very little or no gain at all.
The percentage of users used in this corpo-speak may likely be counted against active and inactive accounts and almost certainly is not equal to percentage of transfer costs.
It's cool that you're not completely deaf, but the damage has been done and not only due to this announcement. There are alternatives and people are increasingly choosing them.
Given the number of times that Docker the company has rugged the community, I am highly pessimistic of their organization / paying them. I'd rather run my own registry.
So wait, they're not ending Docker Free Teams any more? That's great news. Thanks to all the Docker team who realized what a horrible mistake this was.
I'm not sure I'd call this "coming clean" since it doesn't seem like they really changed anything. They just apologized that what they are doing is upsetting people.
this is a great reason to use OCI images and a Codespace on your Mac or Windows machine and just skip the entire "Docker" step altogether. just a reminder that you can do this, docker images are just tarballs, and the faster you exit a vice the less it can squeeze you.
I have no idea about their internals but I’m curious how many people used Docker’s own registry offering as their repo manager of choice because it’s configured to look up the Docker registry by default. Easier to set up pipelines and dev env workflows etc.
If this move means that people have to now manage access to multiple registries like quay and ghcr, will that also incentivize people to go ahead and try migrating to these other registries? Especially given that Docker's own registry has such poor permission management.
The problem runs much deeper than that. Most of what Docker offers is commodity software. You can get docker image hosting from a variety of sources and hosting your own registry isn't that hard. All you need is a docker container and some file storage or bucket. Docker for desktop is nice but there are free alternatives.
Docker registries are included with most cloud services (AWS, Azure, Gcloud, digital ocean) and you can use those to self host as well without too many issues. Github and gitlab offer docker registries as well. As do lots of other companies. Mostly, those services make money from other things than hosting docker images. That's just a low value commodity that they need to offer the really interesting stuff. If you are going to charge people for some expensive kubernetes cluster, they need a place to dump their container images. So you offer that for free. It's just a few GB of storage. It literally is a rounding error on the total bill. It does not matter. Charging for that does not make sense.
That's the problem docker has right now: they need companies to pay them absurd amounts of money for something that is essentially a low value commodity and they don't really have anything with a lot of value that they could charge for instead. And the harder they insist people need to pay, the more they erode their position as a leader in this space (which arguably they lost years ago). While it was free and convenient, people used them. But now that that's no longer the case, people engineer around them. They are throwing the baby out with the bathwater. The one asset they still had (people treating them as the de-facto place to park docker containers) is basically being lost. And as soon as that stops, it's going to get harder for them to gain new customers or even retain existing ones.
Contrast that with Github that used to charge for stuff that they now give away for free. I paid for it back in the day. And now I don't. Except Github is making loads of money from companies that outgrow the freemium tier. And they have a steady supply of happy freemium users using their services for free transitioning to valuable paid services. And they get to host the entirety (well close to it) of the software developer population on this planet. It's the largest professional network outside of linkedin. Which of course MS also owns. It would be madness to incentivize users to not use that by charging for it. It's way too valuable for that.
Speaking of MS, they should just buy out Docker. Fire the management. Get rid of their sales department and revitalize docker and dockerhub development and integrate it into github. It's so complementary to Github that it's a no-brainer. And probably investors are getting fed up with the way things are going at docker. I imagine this could be a relatively cheap acquisition for them. This isn't OpenAI, LinkedIn, or Github.
Lots of people outraged here, but did any organization step up to fill this (perceived) gap?
Docker is way too generous IMO. Petabytes of freeloader data they'll never generate a nickel from. Everyone around here wants people to pay $20/month for some newspaper, and spend $0/month on infrastructure that helps run the internet. It's crazy town.
I'm aware of Quay, I don't know the exact features that are going away, perceived or otherwise, from Docker that I can say this would fit everyone's use case.
> And you believe that those 2 ideas are both held by the same people?
Edit: It looks like you can migrate from a team to a personal account:
> You can migrate from a Free Team organization to a Personal account by opening a support ticket. No action will be taken against your account while your ticket is being processed.
oh glorious docker thank you for completely changing course and not deleting our data and then acting like you never said you’d delete it in the first place.
I would guess that those 2% of users account for more than 2% of the load on Docker Hub. Open source projects on a regular release cadence would push images more frequently than your average user, and those public images from the projects themselves were probably used in FROM statements more frequently than other images.
I think they used one metric (resources used) when deciding to kill free teams, then their PR team scrambled to find another metric to make the whole kerfuffle seem like a tempest in a teapot when the backlash hit.