I host OSS images there, and I see no notice about how they will be affected. If they limit access to my published images, then it will be an issue. In that case the benefit and thus incentive for many of the projects which have made docker and docker hub pervasive goes away. Without that adoption, there would probably be no docker hub today.
This should help people understand a bit better why this feel a bit underhanded. The images are free, and I and many other OSS devs have used docker hub in partnership to provide access to software, often paying for the ability to publish there. In this case, any burden of extra cost was on the producer side.
Turning this into a way to "know" every user and extract some value from them is their prerogative, but it does not feel like it is good faith. It also feels a bit creepy in the sense of "the user is the product".
Most of the OSS projects I use seem to either have moved to the GitHub container registry or some other (smaller) equivalent. Some have even set up their own registries behind Cloudflare.
One of the first things I did was move to Quay.io which is unlimited everything for OSS projects. I was reaching a point where I had 1M+ pulls a month (I suspect some kind of DDoS, accidental or otherwise, for a project with just 1.7k stars) - and not having to even think about the bandwidth or anything was wonderful. It's nice to be supported by Red Hat which I generally consider more benevolent towards OSS as opposed to Docker Hub.
This has been the standard practice for all tech companies. Make it free to capture the market and snuff out all competition. Once they have secured the whole market then its time to start making money to pay back the millions they borrowed from VCs for decades
It’s like playing Plague Inc. (reverse version of Pandemic the board game where you play as the disease): to win, develop all possible methods of spreading first; only then develop symptoms, and do it fast before anyone has time to react
I find it surprising that people notice the part about symptoms[1], and despite this happening repeatedly we do relatively little against the part about spreading.
Part of it is perhaps by definition, “spreading” already assumes success. Still, I’d welcome some regulation; or at least awareness; e.g. a neologism for companies in that stage, growing at cost and only getting ready to develop symptoms.
Dockerhub isn't vetted either. Dockerhub is major compliance risk. Too many images of questionable maintenance status and sometimes questionable build. Aside from maybe some base images I wouldn't pull anything from there for enterprise use. (For toying/experimenting around slightly different)
One can't rely on library updates being done, thus one has to have a build chain form many images.
I feel that dockerhub no longer can be the steward for the default docker repo because of this and the limitations they previously have implemented. It is time for them to hand over the baton stick to someone else, or that the notion of a default repo is removed all together
They do have special provisions for OSS projects hosting their images on DH.
I don't know all the details, but you should be able to find it in the docs.
This should help people understand a bit better why this feel a bit underhanded. The images are free, and I and many other OSS devs have used docker hub in partnership to provide access to software, often paying for the ability to publish there. In this case, any burden of extra cost was on the producer side.
Turning this into a way to "know" every user and extract some value from them is their prerogative, but it does not feel like it is good faith. It also feels a bit creepy in the sense of "the user is the product".