Ghostboard pixel Skip to content

Docker's New Ultimatum Can Affect Open-Source Projects in a Big, Negative Way

Docker can do better to accommodate open-source projects; what do you think?

Docker is a popular containerization service offering various services to deliver software efficiently.

But, in recent times, the folks behind it have been pulling some moves that may not be friendly to the open-source ecosystem as a whole.

Update: Docker apologized for the lack of clarity in its message and announced the following:

- Public images will only disappear if the maintainer of the image decides to delete it.
- Assigned more staff to review applications for its program to help open-source projects.
- You can migrate from a Free Team organization to a Personal user account.
- This change does NOT affect subscriptions such as Docker Personal, Docker Pro, Docker Team (paid), or Docker Business.

And the recent move by them is no different. Kudos to a blog post by Alex Ellis for bringing this to our attention.

Let me guide you through this potentially disruptive move by Docker.

What happened?: Recently, they sent emails to Docker Hub users with an existing organization saying:

'Free Team organizations are a legacy subscription tier that no longer exists,' 😲

And their accounts will be deleted after a 30-day retention period if they don't opt for a paid team plan. Alex also shared a screenshot of the message he received via email:

Well, can you see how this is a bad thing?

This can potentially affect most open-source projects that use Docker to host their images.

Open-source projects usually don't have much funding and are usually either small projects run individually or by a handful of people, mostly self-funded. While Docker has a provision for such projects under their open-source program, it is not much of help.

There are reports by many users that they take a very long time to process such requests, with waiting periods of more than a year.

That does not sound promising at all 😑

Now, the only other ways for people to save their open-source projects are either to pay up or to migrate somewhere else before the impending purge.

A tweet reply on this matter by Justin Cormack, the CTO of Docker, doesn't instill much confidence:

justin cormack's reply to a tweet regarding docker's open source program

Are they handling this poorly?: Yes. The wording in the announcement notice that they sent out is pretty bleak-looking.

They don't mention whether private repos or public repos will be the ones to be affected or both.

Then there is the risk of cyber-squatting that may arise after deletion, where bad actors pose as the deleted projects and push so-called 'poison images' with malicious code.

Justin does add that; they won't delete any projects that have applied and are handling applications as fast as possible.

justin cormack's reply to a tweet regarding the deletion of open source projects on docker hub

But I wonder what will happen to the ones who haven't. My best guess currently is complete deletion after the 30-day retention period.

Solution for now: If you want to avoid opting for a paid plan, either migrate to GitHub's Container Registry (or anything similar) or manually migrate your images.

Furthermore, I suggest you go through Alex's blog to learn about the Docker Hub alternatives and how it will impact his project 'OpenFaaS'.

Docker has been making some weird decisions lately.

Take, for instance, the rate-limiting fiasco of 2020, Which introduced a rate limit to Docker Hub. It was not well received due to its apparent issues.

And fast forward to 2023, sunsetting the free team plans...

What do you think? Share your thoughts in the comments.

More from It's FOSS...