-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Free team being sunset, no way to convert to a regular account #2314
Comments
Yeah the email is very confusing as it suggests only access to private repos will be suspended while public repos are not, but everything will end up being deleted in May regardless if public or not. The "FAQ" also has the heading "Private Repos FAQ" so is not relevant at all for free teams that only use public repos. Seems like there's a big assumption in that email that everyone using teams are companies with money and private stuff rather than a group of OSS developers. The whole thing seems super rushed without much consideration and have just left people confused. The links in the FAQ aren't even clickable. |
I want to second the fact that this email raises many more questions than it answers. I have a Free Team organization that's use to distribute public Docker images for an OSS project. If "all data will be deleted", does this include our public images? It seems like no one knows what is happening: https://news.ycombinator.com/item?id=35154025 |
I maintain the OSS project for the mambaorg/micromamba image, which is currently using a free Team account. My reading is that if you are accepted into Docker's open source program, then you get a free Team account (that I'm guessing isn't going to get purged). I just applied to this program and Docker says they try to process applications within 30 days. However, Docker indicates they currently they are receiving a high volume of applications. If my application isn't approved in 30 days, then it will be after the Teams purge date and my images will go away. These images are commonly used in CI pipelines and those pipeline are going to break if the images are removed from Dockerhub. I'd really like to see Docker commit to fully processing all applications to their open source program before purging teams. |
Hi folks, than you for your feedback! Docker has a specific DSOS program for open-source projects, and it is not affected by the sunsetting of Free Team plans. We are listening to feedback and may offer additional programs in the future. We will defer any organization suspension or deletion while DSOS application is under review, and give organizations at least 30 days before we suspend the organization if the application is ultimately rejected. Any organizations suspended or deleted will not release the namespace, so squatting previous namespaces will not be possible. Thank you and please keep the open feedback coming! |
@yavorg thanks for the update. Can you clarify exactly what will happen if we don't upgrade to a paid plan and also don't make it into the DSOS program? Will all our public images truly be deleted? The fact that the DSOS program excludes commercial OSS really stings considering that Docker itself is commercial OSS! Payment for me, not for thee; I guess I'm only allowed to make a living from "tips". |
Considering that docker hijacks the top level for docker commands, this change will likely results in a lot of broken images and malicious images. For us, a small company that is not OSS, it's just not worth paying 300$/y just to publish a public image. We might have considered it a smaller price point or used the personal namespace but now we can't "downgrade" so this is just a shit move from Docker. |
Hey @yavorg we applied years ago to the DSOS and never received and answer after the first follow-up. I am very concerned about https://hub.docker.com/u/trion where we publish Angular images with >10mio pulls in sum |
Similar story here for the Rocky Linux images in the |
Same thing with the OSU Open Source Lab and the Cinc project. I just applied for the OSS program for both but no idea if that will pan out or not based on the comments above. |
It sad to see that we're going to loose our namespaces because of this. Converting the existing organisations to a free personal account would fit us best, but we'll just move our images to other container registries I guess. |
Might be worth adding this to the FAQ as I was unaware this existed, and I seem to not be alone in that. |
The timeline of this, the lack of communication, the lack of a stepped migration path, all tell me that Docker is not an organization to be relied upon, and that I need to reduce my exposure to this company for my projects as fast as I possibly can. |
I knew this would happen, but didn't prepare for it, my bad. My main concern is squating. As a kubernetes admin for big orgs, if we don't get strong comitment from docker about this, I think I'll forbid the use of hub.docker.com it would be easier. I recommend you to take this squating issue seriously if you don't want docker name to be associated with dramatic events. (In my opinion this squating thing can become a serious industrial catastrophe). |
@pierreozoux It was mentioned before by @yavorg that squatting wont be possible.
|
An additional plan for small developers would be greatly appreciated. Forcing us into a 5 user / $300 minimum spend for a few public images for our own users is excessive. Why can this not be a 1 user minimum at $5/month? That would keep me, otherwise moving to GHCR |
The @racket project submitted our application to the DSOS program in July of 2021 and we have never heard anything back. |
The messaging around this is very confusing. At face value, this seems to indicate the free tier will fully disappear, but the FAQ and documentation only talks about private images. We're only using this to publish public images for OSS projects. Please clarify what's going to happen to public-only images. |
Never heard of the DSOS program before, I applied and got a positive answer in less than fifteen minutes so it may be worth a shot. The lack of communication does not inspire confidence for the future though |
It's worth mentioning that the DSOS program isn't really fitting many OSS usage cases. The form is not relevant for organization publishing more than one project for instance. It's also demanding information like "company" or "job title", as if the OSS organization is in fact a company employing people, which won't match many OSS organizations out here. I haven't filed a DSOS request because I have no idea what to fill for most of the fields. |
I wonder if it might be time for we the community just host its own registry without these restrictions and problems. |
I submitted a DSOS application for rpki-client (portable) on July 7th, 2021, answered all questions (sent by the "Docker Marketing Team" via e-mail) – and never heard back from them after July 12th, 2021 (where a "Marketing Intern Docker, Inc." confirmed that they received my answers and would come back to me with a decision). I also would like to remark that I'm using Docker Hub only to publish public images (but actually for multiple projects in different Docker Hub organisations), which have been built outside (using GitHub Actions). And this is mainly because Docker Hub itself didn't support enough architectures at the time when I evaluated this somewhen in 2020. Being able to convert the organization accounts into personal single-user free accounts with the same name and images would be a reasonable solution for most of what I maintain, I think. |
I'm also affected by this - like many other projects here, I'm only using Docker hub to publish public images within a org namespace (no private images, no builds, no other team members). These images are widely used by others, referenced in all sorts of docs & CI builds, and embedded in software running all over the place, so implying that all these images will stop being accessible in 30 days is a massive problem. I'm running a tiny open-source project but with some income (just enough to make development sustainable with one developer) which means it seems I'm not allowed into the open-source scheme either. At least keeping existing public images available for more than 30 days would be a huge help for migration here (maybe that's already going to happen regardless, but the current messaging is very unclear on this). Being able to convert my organization account into a personal single-user free account with the same name & images would be a reasonable solution imo (if these were the rules in the past, that's probably what I'd set up now). Alternatively, allowing closed organizations to set up automated redirects to hosting elsewhere would help, so that references to all the existing images don't break. I could very easily host these images on GHCR for free, or run my own public hosting indefinitely for far less than $300, but doing that now doesn't solve my problem because the existing Docker hub URLs are widely used all over the place already. |
Also similar to others, I have a couple of single-user orgs used only to publish public images from public, open source github projects, and would love to be able to just switch them to single-user free accounts. At this point my plan is to migrate new versions to be published on ghcr but I'd rather not lose the historical images. It would be nice if there were some way to have a redirect from our old orgs/repos to their new locations, and similarly provide a helpful error message for CLI pulls, to aid downstream migrations. |
Hey folks, |
Not every open source project can be or will be onboarded to docker open source thing. Why don't you at least "downgrade" these account into personal account or even free public only "org" tier? I can't imagine what kind of horror it would create. |
Based on multiple conversations we had with Docker management, CEO, and staff, I made a 14-minute podcast on the facts and timeline as I see them. Any corrections in the coming days/weeks will get added to the show notes or a full re-edit of the audio to keep it current. If you saw my live show on Thursday, this podcast includes multiple corrections to things I said on that show, including learning hours later that free org public images will still be pullable after April 14th. |
Still unclear - images are still pullable but what good is that if they just atrophy and collect CVEs for unsuspecting users to pull months, or years later ? |
Analysis of the motivations behind this moveThis is such a catastrophic situation, for Docker, the images providers affected by the policy change as well as users of Docker images, both paying and non-paying, that I cannot let it go. So Docker provided a free service to us and that service is apparently expensive. Expensive enough, that Docker does not want or cannot to sustain it. It's expensive because images are high volume downloads. Users don't see Docker Hub as a distinct service. A user wants to run an image, Docker is the most prominent technology, so they install Docker, search for an image that does the job and then they run the image. There is a concept of "the best image". That means something different for each user, but there are some qualities everybody appreciates. The "official" image is the one that carries an air of competency. You can expect to get the most recent updates. Professionals creating official images will also think of upgrade paths, because that's a problem each software vendor has to tackle routinely. In the absence of an official image or where such images don't meet the particular requirements of a user, they search for alternatives. Most users will search for keywords and then sort by number of downloads, user ratings or other most often community defined attributes. This is what Docker Hub does for users, besides providing the network bandwidth for downloads. What is it to Docker? To Docker, Hub is the last mile. It's what decided the browser wars for Microsoft. They had the opportunity to provide users with a default choice. You chose Internet Explorer unless you explicitly installed another browser. Their operating system, their default settings. Chrome uses Google search as default search engine. The last mile provides quite some value if choice is relevant. It's always nice to provide a default. Docker is under pressure from two sides. It started out as the only or the most popular containerization solution. Then came kubernetes, cutting services out of the cake, leaving application containers. Kubernetes started out as pure cloud technology, leaving on premise and devtop to Docker where it still shines. Then comes LXD cutting a small piece of dockers cake, containers as cheap (in terms of resources) virtual machines and Podman as direct competitor, taking over production app containers because of a better migration path to kubernetes and rootless containers as a tech to fix security problems with Docker. Docker is still at the top. It's still the most popular container technology and it is overall awesome technology. But competition makes it increasingly a niche product. It's not getting better or easier for Docker. Docker already changed from the container thing to the developer tool and the software demo platform. Here is the thing. The sustainable thing to do is to innovate if you want to win competitions. The alternative is to use leverage while you are on top and try to suffocate competition. Microsoft succeeded with the latter strategy, but they ultimately still lost the browser war, despite the total dominance that Microsoft still has on the Desktop. MS failed to innovate on the mobile train though and together with complete negligence in the innovation department they had to come up with a complete redesign of MS. This platform is part of it. SCO tried to use leverage when they lost the PC UNIX market. They bet on licensing as leverage. Most of you guys are too young to remember that. An epic failure. This answers the question why Docker is not transforming Docker Hub into a registry, leaving the hosting of images to image authors. That would be cheap, it would preserve all functions that current Docker Hub has. But it would be giving up on the last mile. Hub would only be the default in Docker engines, not (necessarily) for all the other competitors who could easily provide their own registry, if image providers already take charge of the expensive hosting task. So what Docker really does here is to charge image providers to finance their status as last mile provider or leverage to have some unique quality that their product can no longer provide. Not only that, the motivation for providers to pay is their reputation, their users. If they don't pay up, their users will suffer the consequences, because they will otherwise no longer receive updated images at best. Their users would have to change their registry settings, many of which won't even know what that is and how to do it. They are just as likely to choose an "official" or "better" image before they edit some This of course also effects paying users, because they are just as likely to use images from OSS projects. So paying up to Docker does not really mean that Docker is respecting your interests. What I perceive as incredibly short sighted if not stupid, is that whenever a company decides that using leverage is better or easier than to innovate, they forget that leverage always works both ways. The lever pushes harder on the other end, but the smaller force requires a longer way and that usually means that innovation will become that much more difficult. A long way to get where others already are. And that does not even account for the devastating damage to the reputation of the brand. I loved SCO Unix at a time when Linux did not yet exist. It was a way to have a real UNIX on my PC. It was ridiculously expensive, but it was worth it. Until Linux and the BSD's came out. It was tough on SCO, but that's business. They had a long period where they were on the top, where they could have innovated and instead rather felt omnipotent and so much better than the rest of the bunch. This feels so very similar to what we see here. |
Yes, it looks like there is some delay for the initial (automated?) response. Meanwhile I received responses like this:
|
What's the worst from a user point-of-view is that you can't really see if the image you're using might be affected. You need to go to DockerHub and look up if the namespace is from a Personal Account or Community Organization. Not to mention, that even Sponsored OSS might be revoked at anytime, if the management makes that decision. |
I think the only end users who are immediately impacted are those who use docker to deploy productive services and rely on image updates. They will have to evaluate if the images they are using are affected or alternatively if other registries provide the same or similar images and just migrate there which probably provides a more reliable long term solution. They will probably migrate to Podman in the long run anyway, because that also provides easier migration paths to Kubernetes and become less reliable on Dockerhub through that path. Depending on how OSS projects react to this policy change, Quai, Github or other alternatives might just take over the role that Dockerhub has now. If that happens, other user categories will increasingly find outdated images on Hub and also migrate away from Hub or Docker or both. I think the sustainable solution is not to replace Dockerhub with another vendor service but to move to purely community run solutions that are less prone to such blackmailing campaigns. That will of course require some financing. If the big vendors don't contribute that, we are going to have to pay for some services, which I find perfectly acceptable if we know what we actually pay for. It's probably better to spend money on smaller to mid sized storage providers than to concentrate the whole business on 1-3 global companies who control everything. The core of the problem really is that whenever a commercial entity gains a unique selling point in cooperation with open source projects, the temptation to capitalize on that by milking OSS projects or users is just to great. The concept of minimal trust does not only work well in security. We are going to have to give up on trust-based cooperation. |
This just came into my email inbox — From Docker:
|
As announced, Docker is no longer sunsetting the Free Team plan. We value your passion and engagement, and thank you for all the feedback that made this decision possible. We are closing this issue, but please open a new one or contact support if you have further feedback. |
It takes guts to not only correct a "mistake" but also admit that it was one. Deeply appreciated! |
Now, Docker should just bring back Docker Free Teams. According to your post, these are the main differences:
Honestly, Free Teams sounds like a perfect steppingstone to upsell paid Teams. Why was the free tier removed, anyway? It sounds like Free Teams is just a User account with an org name and 2 additional contributes.
Since Docker Desktop is free for these orgs (under 250), why isn't Teams as well? I complete understand how paid Teams would include paid Docker Docker license -- upsell! |
Problem description
I got an email saying that I'll need to convert from a free team to something paid. I use Docker hub solely for images related to the Dokku organization. I don't see a way to convert the namespaces - dokku and gliderlabs - to regular accounts. Both use public repositories exclusively, and are only used for supporting the OSS organizations.
Ideally we can convert them to regular accounts that I can log into, as I don't see anything either org benefits from. A second useful change might be to allow OSS orgs to continue to access docker hub teams for free, but I'm sure thats not where docker hub wants to go, pricing wise.
EDIT: I looked at the Docker Sponsored Open Source program and applied. It seems there is going to be a long wait (I applied this morning, and got that message then too). It's not super clear why I'm being asked for work-related information for an OSS project (Dokku is in no way related to my day job). What will happen if I'm not verified in time for the deadline in question, especially if I haven't even been notified I'm in review?
Debug Information
Browser name and version:
All
URL:
N/A
Timetamp or time range:
N/A
Public IP:
N/A
Hub Username:
dokku and gliderlabs
Error messages (on screen or in browser console)
N/A
Screenshots of the issue (if applicable)
N/A
Task List
The text was updated successfully, but these errors were encountered: