Of Football and MinIO

Coming off the Super Bowl last weekend, it seemed apropos that I write this blog entry. Because I want to talk about a football.

You know the Peanuts bit, right? Charlie Brown lines up to kick the football. Lucy promises not to move it. Charlie Brown sprints and commits his whole body. Then Lucy yanks it away. Charlie is left gasping flat on his back, embarrassed, expectations shattered.

That is the thirty-year-long open-source trauma loop I’ve observed in a single gag. MinIO is the open-source community’s latest Lucy in February 2026.

As of today, the minio/minio repo is read-only. It’s archived. The README says the repository is no longer maintained. That the Community Edition is “source code only” with no precompiled releases. Security fixes handled “on a case by case basis.”

For former users or contributors, that can feel like Lucy, holding the football above her head, smiling.

I have thoughts.

Lucy Is People

I met with several folks from the company about half a decade ago. Sincere, bright, enthusiastic. They wanted us in their ecosystem. My coworker and I had found the project on GitHub, tried it, and it solved real problems our other options did not.

But there was a clear warning sign by late 2019. Operator, console, KES, and Sidekick were committed with AGPL to their repo. More of that seemed to be coming. But the AGPL license wasn’t allowed where I worked.

Lucy, Linus, and Licenses

A little history is in order.

In May 2021, after 18 months of increasing AGPL-licensed contributions from the company to the repo, MinIO finally relicensed its server from Apache 2.0 to AGPLv3. They framed this as a move “from Open Source to Free and Open Source.” They said it had become “very difficult to avoid the AGPL dependency for any reasonable production environment.”

Not that AGPL is evil! It is designed to close the “we run it as a service so we never share changes” loophole.

But it felt bad for contributors because of what it meant in this particular sequence. The maintained branch moved to AGPL. The old Apache branch began to rot. Your “choice” became: “accept the new terms and risk your IP”, “fork and maintain it”, or “pay for a commercial license.”

Obligatory I-Am-Not-A-Lawyer. How far AGPL copyleft actually reaches depends on what counts as a “derivative work” and how you integrate the software. Talk to an actual lawyer if you care.

I’m putting a pin in the phrase: “derivative work.” It is doing more heavy lifting in 2026, I think, than anyone realized in 2021.

Regardless, “AGPL in the blast radius” creates a challenging compliance burden at many companies. OSS Legal review overhead. A nagging “what if they change the deal again?” anxiety tax. And often an automatic rejection.

Anyway, this is where I find Linus Torvalds’ framing useful. He chose GPLv2-only for the Linux kernel. He did not want to be at the mercy of someone else’s future licensing decisions. And in particular, he resented someone else changing the license terms under the code he wrote.

That YouTube video resonated with me when I stopped being a MinIO cheerleader in late 2019. They had lured me in with one license; I’d modified the code and followed the license. And at the moment it started getting good? That football was yanked away.

Financially, MinIO eventually closed a $103M Series B at a $1B valuation, led by Intel Capital and SoftBank Vision Fund 2. At the time the company had fewer than 45 employees. The adoption metrics: 762 million Docker pulls, the GitHub stars, the Fortune 500 penetration: those were the asset. The license change was how you monetize the asset.

Classic dual-licensing play. It wasn’t a new phenomenon. Not morally or legally wrong. But remember what it depends on: the copyleft has to be enforceable. Hold that thought.

Charlie Brown Meets The Ground

Post-2021-relicense, MinIO went public with license-violation accusations against companies that had embedded MinIO under the original Apache 2.0 terms.

Nutanix (July 2022): MinIO accused Nutanix of distributing the MinIO binary without attribution and claimed to be “terminating and revoking” licenses under both Apache v2 and AGPL v3. Nutanix eventually acknowledged “inadvertent omissions” and later removed MinIO entirely.

Weka (March 2023): same playbook, without even prior private contact. Weka pushed back, arguing that Apache 2.0 is explicitly irrevocable (Section 2). Darren Shepherd, chief architect at Acorn Labs, put it bluntly: “The optics of this for MinIO are just bad, whether it is justified or not. I don’t even get how one can revoke a license.”

Maybe those targets deserved it. Maybe they didn’t. Attribution compliance matters. But the enforcement pattern? Public accusations, trying to revoke rights without a legal basis, warnings of financial injury to downstream customers of those whom they had accused? Ouch. Talk about a way to eat your cache of consumer goodwill. This was the moment many realized using MinIO was a mistake a business might pay dearly for later.

Lucy Feels Personal

This story is not exactly abstract for me.

Around the time of the AGPL transition, I was part of a project that had been experimenting with MinIO. I became intimately familiar with the source code. And once the license began to shift, I realized: anything I built might be tainted by my knowledge of their codebase.

The mere fact that I had read their code, understood their architecture, internalized their patterns, extended and modified it under Apache 2.0 to suit my purposes? That was enough to create a contamination risk. At least in my mind. Not a certainty, but definitely a risk, and one my employer could not afford.

So the project I was working on pivoted. And I pivoted away from it. I stopped writing that kind of code and started managing people who wrote code instead. I succumbed to the pressure to become a middle manager instead of a creator. It was a nice run for five years: I built a high-performing team. And we created a great product that’s heavily used to this day (or so I hear).

Then I got really sick, spent months away from work to recover, realized that managing was no longer what I wanted to do, and less than a business day after leaving that company I had an offer that more closely aligned with my goals.

Now to be realistic? MinIO’s Lucy-like licensing leaks to AGPL were not the dominant factor in my decision. It was maybe… like item #17 on my spreadsheet of career considerations. But it was on the spreadsheet. Real licensing decisions affect real human careers.

Lucy And The Football

MinIO was changing the rules while pulling practical usability out of the community path, faster and faster. In March 2024, MinIO introduced Enterprise Object Store (later rebranded AIStor), drawing an explicit line between the community edition and the commercial product. Around May 2025, MinIO removed the administrative web UI from the Community Edition console. Cofounder Harshavardhana explained it as a maintainability and security issue and told users: for UI-based admin, move to AIStor or use the mc CLI. When asked if it would come back: no plans. By late October 2025, the Community Edition shifted to source-only distribution. No maintained binaries. No official container images. Build it yourself. And as of February 12, 2026 – last night – the repo README indicated “THIS REPOSITORY IS NO LONGER MAINTAINED.”

I mourned a little bit. I’d spent a lot of time with that code many years ago. It felt like a little GitHub funeral.

It’s Not Really About Charlie. Or Lucy. Or Linus. Or even MinIO.

When I first drafted this post, I was stuck in late-2010s thinking. I wrote it like a straightforward open-source rug-pull: build adoption on permissive terms, accumulate switching costs, change the deal. Lucy pulls the football, same as always.

But sitting here in 2026, I realized that presenting it that way would colossally miss the point.

So here is my new working thesis: open-source dual-licensing depends on copyleft enforceability. AGPL’s value as a monetization tool requires proving “derivative work”: tracing the chain from source to product, demonstrating that your code derived from their code. The commercial license is the escape hatch: pay us and we remove the AGPL obligations. Sue those who don’t comply, as MinIO did. That business model works as long as the derivation chain is traceable.

But because of large language models, it’s becoming untraceable.

If an LLM trained on MinIO’s codebase, plus Ceph, plus every distributed systems paper ever published, generates functionally equivalent S3-compatible object storage: is that a “derivative work”? Courts have not ruled. The legal theory is unsettled. And in practice, no one is checking.

Compare it to music. Warner Music Group threatened to sue Suno for training on their catalog, then settled for equity and licensing rights. The difference there is kinda important: Music provenance is often traceable. There are distribution logs, streaming records, identifiable melodies, and never-ending BitTorrent IP addresses of people downloading “free music”. WMG could prove their catalog was ingested by Suno employees, apparently (though all the negotiations were behind closed doors, so nobody really knows if they weren’t In The Room Where It Happened…)

Code doesn’t work like that. Imagine a developer vibe-codes an S3-compatible object store in 2026. The AI that helped was trained on a GitHub snapshot from 2019 that included MinIO under Apache 2.0. How do you prove derivation? The code has no watermark. There is no real distribution log, no throat to choke. The code was freely available to download from GitHub.

Good luck proving where that code snippet came from.

Combine that with current US policy to rescind regulations that might hinder AI innovation and the resultant chilling effect on lawsuits alleging improper sourcing of training data? Good luck proving GPLv3 or AGPL infringement for a vibe-coded closed-source enterprise app that just happens to smell like that thing you wrote back in 2014.

(Aside: Executive Orders have gotten out of hand. We should probably call a Convention to do something about that.)

Now back to my foreshadowing earlier. Remember my career pivot? I was so concerned about simple knowledge of MinIO’s codebase infecting the code I was building that I stopped building. Between 2019 and 2021, that felt like a reasonable precaution.

In 2026, that idea seems almost quaint.

Software engineers who’ve adopted AI now are using it to write most or all of their code. They mainly work toward a coherent higher-level result. The distinction of “where that code came from” has lost much relevance. Future-me would not have worried about code contamination: I would have thought of a feature, carefully outlined it in planning docs, AI would write it to my specs, and I would have tested it and submitted the PR. The contamination anxiety that partly drove my career change half a decade ago is dissolving in a world where everyone’s code is a slurry blended from everything else.

That is … well, kind of an upside for me personally. I am 100% loving my AI-driven coding workflows. I get better and faster and more accurate at it every day. It helps me get my head out of the weeds of pure process-driven thought, and into shipping actually working inventions.

But I suspect this poses an existential threat to every company whose business model depends on the opposite being true. On strong provenance guarantees and provable license violations.

Including basically the whole open-source community.

Anthropic just announced that their agents autonomously built a working C compiler. I strongly suspect that a very careful source code audit would find most of the functions in that code base had some very-similar function from other open-source projects, under a license that’s unfriendly to closed-source businesses.

And there’s probably nothing the creator and licensor of that code can do about it.

So: why write and open-source something if it is just fodder for AI to train on with no accountability? Why not vibe-code it yourself and figure out how to monetize it, even if chunks of the training corpus were AGPL-licensed? If US law continues to treat AI training as fair use, the copyleft enforcement mechanism – the very thing that makes AGPL valuable as a dual-licensing tool – becomes legally unenforceable.

The football is not just being pulled away.

There is no football.

Lucy Is a Marionette

Which brings us back to MinIO specifically, and why I think the acceleration makes more sense than “they just got greedy.”

MinIO’s business model was a dual-licensing model: the AGPL community edition creates the compliance burden, and AIStor is the relief valve. That model requires AGPL to be scary enough that enterprises pay to avoid it.

If AI-generated code makes AGPL obligations unenforceable in practice, the value of that commercial license declines. The extraction window is closing. SoftBank Vision Fund 2 put money in at a $1B valuation. They need a return before the window shuts.

I want to be a little bit careful here, because what follows is a testable hypothesis, not a proven fact.

That said, closing the repo accomplishes several things at once. It stops new commits from entering AI training corpora. It prevents external eyes on code quality. There are no public commits. No community-filed source-based CVEs. No independent code security audits. No one diffing commits and noticing the code smells like AI instead of Harshavardhana anymore.

This change, I think, gives MinIO some flexibility. It can reduce headcount, rely more heavily on AI-assisted development, and shift engineering resources away from or into development internally without anyone noticing.

From that point of view? OPACITY IS THE FEATURE.

There’s some evidence to support my speculation. Glassdoor reviews from MinIO employees say: “Rapid hiring to meet financial goals has been followed by layoffs framed as role eliminations, leaving employees uncertain about their future.” They describe no performance reviews or pay adjustments for 2.5+ years. They say the company “struggles to turn [open source] into a sustainable business.” One reviewer describes leadership as “disorganized” with “frequent mixed signals.”

The headcount data is contradictory, which is itself an interesting data point. Blocks & Files reported “fewer than 45 people” at the January 2022 Series B. PitchBook currently says 195. Tracxn says 74 as of December 2024. Even taking the most generous reading, MinIO hired aggressively post-Series B and now the numbers are murkier. And MinIO claims 149% ARR growth and a spot on the 2025 Deloitte Fast 500, while employees complain about stagnant pay, layoffs, and a struggle to monetize.

The strings on the marionette lead to a cap table that seems like it’s probably running out of time, and the murky numbers make the motivations unclear. Draw your own conclusions about who – or, I suppose, “what” – might be driving the desperation.

Game Over

MinIO is not the first Lucy. Oracle killed OpenSolaris after acquiring Sun. MongoDB switched from Apache to SSPL in 2018. Elastic moved Elasticsearch away from Apache 2.0. Redis went source-available in 2024. Different details, same Charlie Brown physics: build adoption under permissive terms, accumulate switching costs, change the deal, leave your contributors lying on their backs, staring at the sky, and wondering what they’ve done wrong to deserve this.

But this time is a little different. Every one of those prior rug-pulls happened in a world where “derivative work” still meant something enforceable. You could look at the code and trace it, and often observe how a hardware or software device or service behaved to determine if it was using your code. The license regime assumed a human wrote the code and you could follow the provenance.

That world has abruptly ended. Now AI is writing most of the code. And every VC-backed company that bet on dual-licensing is facing the same fast-closing window: build a moat around your data, because that’s the only thing AI won’t commoditize. As long as it cannot get it.

MinIO’s move seems pragmatic given the conditions.

More will follow.

THE END


Postscript A: If it weren’t for bad ideas, I’d have no ideas at all

I have more rambling thoughts. If you read this far, you might as well continue reading, but I simply ran out of time to organize or edit them.

I believe in steel-manning my own blind spots, so here they are.

The 2021 AGPL switch predates any credible AI code generation threat. That move was classic dual-licensing. My AI thesis seems to explain the 2025-2026 acceleration, not the original license change.

The barn door was already open; coming from a Barnson, that’s saying something. MinIO’s code has been in training corpora for years. Archiving the repo stops new commits from being ingested, but it does not un-train existing models. If the goal is to protect the code from AI, they are years too late.

Courts could go the other way. If they rule that training on copyrighted code constitutes copying rather than fair use, AGPL gets stronger, not weaker. The commercial license becomes more valuable, not less. The whole thesis flips.

And the simplest explanation deserves consideration: maybe they just could not monetize the community edition and stopped spending on it. The AI angle adds sophistication to what might be a straightforward P&L decision.

I think of this as a testable prediction, not an established fact.

  • If MinIO starts shipping code that looks AI-generated (good luck figuring that out if it’s closed source!), and if the security posture degrades without public scrutiny, and if the headcount continues to contract while ARR claims grow? Those are confirming signals.
  • If they hire aggressively, ship great software, and the Glassdoor reviews improve? Then I was probably wrong, and I’d be happy to say so.

The company is headed by a crew with proven open-source chops, and they deserve success if it can be found in today’s enterprise storage hellscape.

Postscript B: for my fellow devs

If you are running MinIO in production today? The upstream repo is archived and the README says it is no longer maintained. The Community Edition is source-only with no precompiled binaries and no admin UI. If you want the batteries-included experience, you are looking at AIStor subscription pricing. Your data is probably portable (S3 is a well-defined API), but the switching cost is real and it scales with how deep you went. Figure it out and I’d suggest you get the hell out.

If you are building something new? Six years ago this was a permissive, community-friendly project. It had hundreds of millions of Docker pulls and the default recommendation on Stack Overflow. MinIO’s move last night makes me feel much like I did watching the animatronic corpse of Peter Cushing play Grand Moff Tarkin in Rogue One… creepy and off-putting. I skip that scene. Unless I want to admire what artists could do in an era when “Will Smith Eating Spaghetti” was a funny/weird AI thing instead of looking more photorealistic than me taking a video of myself in my kitchen.

If you are an open-source developer? The deeper problem is not really MinIO. It’s the enforcement mechanism. The ability to prove “derivative work” is eroded by AI code generation faster than anyone is building replacements. Your open-source app monetization strategy is the Disappearing Lucy’s Football. The economic infrastructure that sustains open-source development needs to be replaced.

I don’t have a fix for that. I don’t think anyone does. Maybe open-source of the future is all on Patreon or something.

I recently started creating independently again: code, music, and now blogging. It is a much healthier place for me than trying to lead a team. The irony? The same language models undermining code copyleft are the ones making it possible for me to create more, faster, and at higher quality than before. Without worrying if some old code is living rent-free in my head.

The world is weird.

And if you give money to organizations that defend software freedom: give it to the EFF.
