Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Free team being sunset, no way to convert to a regular account #2314

Closed
3 tasks done
Tracked by #434
josegonzalez opened this issue Mar 14, 2023 · 93 comments
Closed
3 tasks done
Tracked by #434

Free team being sunset, no way to convert to a regular account #2314

josegonzalez opened this issue Mar 14, 2023 · 93 comments
Labels

Comments

@josegonzalez
Copy link

josegonzalez commented Mar 14, 2023

Problem description

I got an email saying that I'll need to convert from a free team to something paid. I use Docker hub solely for images related to the Dokku organization. I don't see a way to convert the namespaces - dokku and gliderlabs - to regular accounts. Both use public repositories exclusively, and are only used for supporting the OSS organizations.

Ideally we can convert them to regular accounts that I can log into, as I don't see anything either org benefits from. A second useful change might be to allow OSS orgs to continue to access docker hub teams for free, but I'm sure thats not where docker hub wants to go, pricing wise.

EDIT: I looked at the Docker Sponsored Open Source program and applied. It seems there is going to be a long wait (I applied this morning, and got that message then too). It's not super clear why I'm being asked for work-related information for an OSS project (Dokku is in no way related to my day job). What will happen if I'm not verified in time for the deadline in question, especially if I haven't even been notified I'm in review?

Debug Information

Browser name and version:

All

URL:

N/A

Timetamp or time range:

N/A

Public IP:

N/A

Hub Username:

dokku and gliderlabs

Error messages (on screen or in browser console)

N/A

Screenshots of the issue (if applicable)

N/A

Task List

  • This is NOT a security issue
  • I do NOT have a Docker subscription
  • I have looked through other issues and they do NOT apply to me
@Bo98
Copy link

Bo98 commented Mar 14, 2023

Yeah the email is very confusing as it suggests only access to private repos will be suspended while public repos are not, but everything will end up being deleted in May regardless if public or not. The "FAQ" also has the heading "Private Repos FAQ" so is not relevant at all for free teams that only use public repos.

Seems like there's a big assumption in that email that everyone using teams are companies with money and private stuff rather than a group of OSS developers.

The whole thing seems super rushed without much consideration and have just left people confused. The links in the FAQ aren't even clickable.

@nwalters512
Copy link

nwalters512 commented Mar 14, 2023

I want to second the fact that this email raises many more questions than it answers. I have a Free Team organization that's use to distribute public Docker images for an OSS project. If "all data will be deleted", does this include our public images?

It seems like no one knows what is happening: https://news.ycombinator.com/item?id=35154025

@wholtz
Copy link

wholtz commented Mar 14, 2023

I maintain the OSS project for the mambaorg/micromamba image, which is currently using a free Team account.

My reading is that if you are accepted into Docker's open source program, then you get a free Team account (that I'm guessing isn't going to get purged). I just applied to this program and Docker says they try to process applications within 30 days. However, Docker indicates they currently they are receiving a high volume of applications. If my application isn't approved in 30 days, then it will be after the Teams purge date and my images will go away. These images are commonly used in CI pipelines and those pipeline are going to break if the images are removed from Dockerhub. I'd really like to see Docker commit to fully processing all applications to their open source program before purging teams.

@yavorg
Copy link

yavorg commented Mar 14, 2023

Hi folks, than you for your feedback!

Docker has a specific DSOS program for open-source projects, and it is not affected by the sunsetting of Free Team plans. We are listening to feedback and may offer additional programs in the future.

We will defer any organization suspension or deletion while DSOS application is under review, and give organizations at least 30 days before we suspend the organization if the application is ultimately rejected.

Any organizations suspended or deleted will not release the namespace, so squatting previous namespaces will not be possible.

Thank you and please keep the open feedback coming!

@nwalters512
Copy link

nwalters512 commented Mar 14, 2023

@yavorg thanks for the update. Can you clarify exactly what will happen if we don't upgrade to a paid plan and also don't make it into the DSOS program? Will all our public images truly be deleted?

The fact that the DSOS program excludes commercial OSS really stings considering that Docker itself is commercial OSS! Payment for me, not for thee; I guess I'm only allowed to make a living from "tips".

@Sytten
Copy link

Sytten commented Mar 14, 2023

Considering that docker hijacks the top level for docker commands, this change will likely results in a lot of broken images and malicious images. For us, a small company that is not OSS, it's just not worth paying 300$/y just to publish a public image. We might have considered it a smaller price point or used the personal namespace but now we can't "downgrade" so this is just a shit move from Docker.

@everflux
Copy link

Hey @yavorg we applied years ago to the DSOS and never received and answer after the first follow-up. I am very concerned about https://hub.docker.com/u/trion where we publish Angular images with >10mio pulls in sum

@NeilHanlon
Copy link

Similar story here for the Rocky Linux images in the rockylinux namespace. We had applied for the OSS program years ago and heard nothing. We applied again a few months ago after prompting but have similarly not heard anything from that application, either.

@ramereth
Copy link

Same thing with the OSU Open Source Lab and the Cinc project. I just applied for the OSS program for both but no idea if that will pan out or not based on the comments above.

@bobvandevijver
Copy link

It sad to see that we're going to loose our namespaces because of this. Converting the existing organisations to a free personal account would fit us best, but we'll just move our images to other container registries I guess.

@Bo98
Copy link

Bo98 commented Mar 14, 2023

Docker has a specific DSOS program for open-source projects, and it is not affected by the sunsetting of Free Team plans.

Might be worth adding this to the FAQ as I was unaware this existed, and I seem to not be alone in that.

@justinbowes
Copy link

The timeline of this, the lack of communication, the lack of a stepped migration path, all tell me that Docker is not an organization to be relied upon, and that I need to reduce my exposure to this company for my projects as fast as I possibly can.

@pierreozoux
Copy link

I knew this would happen, but didn't prepare for it, my bad.

My main concern is squating. As a kubernetes admin for big orgs, if we don't get strong comitment from docker about this, I think I'll forbid the use of hub.docker.com it would be easier.

I recommend you to take this squating issue seriously if you don't want docker name to be associated with dramatic events. (In my opinion this squating thing can become a serious industrial catastrophe).

@bobvandevijver
Copy link

@pierreozoux It was mentioned before by @yavorg that squatting wont be possible.

Any organizations suspended or deleted will not release the namespace, so squatting previous namespaces will not be possible.

@verdverm
Copy link

An additional plan for small developers would be greatly appreciated. Forcing us into a 5 user / $300 minimum spend for a few public images for our own users is excessive. Why can this not be a 1 user minimum at $5/month?

That would keep me, otherwise moving to GHCR

@samth
Copy link

samth commented Mar 14, 2023

The @racket project submitted our application to the DSOS program in July of 2021 and we have never heard anything back.

@nicolasnoble
Copy link

The messaging around this is very confusing. At face value, this seems to indicate the free tier will fully disappear, but the FAQ and documentation only talks about private images. We're only using this to publish public images for OSS projects.

Please clarify what's going to happen to public-only images.

@benjaminjonard
Copy link

Never heard of the DSOS program before, I applied and got a positive answer in less than fifteen minutes so it may be worth a shot.

The lack of communication does not inspire confidence for the future though

@nicolasnoble
Copy link

Never heard of the DSOS program before, I applied and got a positive answer in less than fifteen minutes so it may be worth a shot.

It's worth mentioning that the DSOS program isn't really fitting many OSS usage cases. The form is not relevant for organization publishing more than one project for instance. It's also demanding information like "company" or "job title", as if the OSS organization is in fact a company employing people, which won't match many OSS organizations out here.

I haven't filed a DSOS request because I have no idea what to fill for most of the fields.

@marcelstoer
Copy link

marcelstoer commented Mar 14, 2023

I haven't filed a DSOS request because I have no idea what to fill for most of the fields.

I tried, despite the mismatch you mentioned. However, Docker even fails to count to 30 correctly.
Screen Shot 2023-03-14 at 21 53 20

@NeilHanlon
Copy link

I wonder if it might be time for we the community just host its own registry without these restrictions and problems.

@robert-scheck
Copy link

robert-scheck commented Mar 14, 2023

I submitted a DSOS application for rpki-client (portable) on July 7th, 2021, answered all questions (sent by the "Docker Marketing Team" via e-mail) – and never heard back from them after July 12th, 2021 (where a "Marketing Intern Docker, Inc." confirmed that they received my answers and would come back to me with a decision).

I also would like to remark that I'm using Docker Hub only to publish public images (but actually for multiple projects in different Docker Hub organisations), which have been built outside (using GitHub Actions). And this is mainly because Docker Hub itself didn't support enough architectures at the time when I evaluated this somewhen in 2020.

Being able to convert the organization accounts into personal single-user free accounts with the same name and images would be a reasonable solution for most of what I maintain, I think.

@pimterry
Copy link

I'm also affected by this - like many other projects here, I'm only using Docker hub to publish public images within a org namespace (no private images, no builds, no other team members).

These images are widely used by others, referenced in all sorts of docs & CI builds, and embedded in software running all over the place, so implying that all these images will stop being accessible in 30 days is a massive problem.

I'm running a tiny open-source project but with some income (just enough to make development sustainable with one developer) which means it seems I'm not allowed into the open-source scheme either.

At least keeping existing public images available for more than 30 days would be a huge help for migration here (maybe that's already going to happen regardless, but the current messaging is very unclear on this).

Being able to convert my organization account into a personal single-user free account with the same name & images would be a reasonable solution imo (if these were the rules in the past, that's probably what I'd set up now).

Alternatively, allowing closed organizations to set up automated redirects to hosting elsewhere would help, so that references to all the existing images don't break. I could very easily host these images on GHCR for free, or run my own public hosting indefinitely for far less than $300, but doing that now doesn't solve my problem because the existing Docker hub URLs are widely used all over the place already.

@pjeby
Copy link

pjeby commented Mar 14, 2023

Also similar to others, I have a couple of single-user orgs used only to publish public images from public, open source github projects, and would love to be able to just switch them to single-user free accounts. At this point my plan is to migrate new versions to be published on ghcr but I'd rather not lose the historical images.

It would be nice if there were some way to have a redirect from our old orgs/repos to their new locations, and similarly provide a helpful error message for CLI pulls, to aid downstream migrations.

@nishakm
Copy link

nishakm commented Mar 14, 2023

Hey folks,
Our use of Dockerhub is to host a "test image" which doesn't do anything beyond store some files in a couple of layers. We haven't updated it in years and we mostly use the image to test the open source project.
According to DSOS, we can only make use of Dockerhub if the image is in "active development". We are planning to move it to GHCR but I'd like to ask here if there is some alternative place within Dockerhub we could move it to.
cc: @rnjudge

@shinebayar-g
Copy link

shinebayar-g commented Mar 14, 2023

Not every open source project can be or will be onboarded to docker open source thing. Why don't you at least "downgrade" these account into personal account or even free public only "org" tier? I can't imagine what kind of horror it would create.

@BretFisher
Copy link

@jamgregory

@BretFisher - I'm confused what this "30 day clock" now refers to. The blog post explicitly says...

So what are you actually losing after 30 days? The ability to push to images in that organisation?

Yes. If you do nothing with the org on the free plan, on April 15th you'd loose access to private images and the ability to push any new images. Public images will still be pullable.

Presumably if we lose the ability to manage the organisation but you keep the public images... how do we delete them in future?!

I don't know what this experience will look like on April 15th. Let's hope we see a new post or FAQ update on that. In the worst case, though, users/consumers of a pre-15th image can still get it and build from it.


Just a friendly reminder, you still have options beyond a paid upgrade:

  1. Submit a support request on Hub (log in first) to convert the free org to a free user.
  2. Submit a request to the Docker-Sponsored Open Source, which I know they have/are ramping up staffing on and have already reviewed and responded to a majority of the requests received in the last three days.

Another friendly reminder, if you ever submitted a DSOS request before Wednesday, they are encouraging us to re-apply. I've never done it, but I too have multiple free organizations that I'm considering it for.

@BretFisher
Copy link

Based on multiple conversations we had with Docker management, CEO, and staff, I made a 14-minute podcast on the facts and timeline as I see them. Any corrections in the coming days/weeks will get added to the show notes or a full re-edit of the audio to keep it current.

If you saw my live show on Thursday, this podcast includes multiple corrections to things I said on that show, including learning hours later that free org public images will still be pullable after April 14th.

https://podcast.bretfisher.com/episodes/docker-hub-oops

@xquery
Copy link

xquery commented Mar 18, 2023

Still unclear - images are still pullable but what good is that if they just atrophy and collect CVEs for unsuspecting users to pull months, or years later ?

@mutech
Copy link

mutech commented Mar 19, 2023

Analysis of the motivations behind this move

This is such a catastrophic situation, for Docker, the images providers affected by the policy change as well as users of Docker images, both paying and non-paying, that I cannot let it go.

So Docker provided a free service to us and that service is apparently expensive. Expensive enough, that Docker does not want or cannot to sustain it. It's expensive because images are high volume downloads.

Users don't see Docker Hub as a distinct service. A user wants to run an image, Docker is the most prominent technology, so they install Docker, search for an image that does the job and then they run the image. There is a concept of "the best image". That means something different for each user, but there are some qualities everybody appreciates. The "official" image is the one that carries an air of competency. You can expect to get the most recent updates. Professionals creating official images will also think of upgrade paths, because that's a problem each software vendor has to tackle routinely.

In the absence of an official image or where such images don't meet the particular requirements of a user, they search for alternatives. Most users will search for keywords and then sort by number of downloads, user ratings or other most often community defined attributes.

This is what Docker Hub does for users, besides providing the network bandwidth for downloads. What is it to Docker?

To Docker, Hub is the last mile. It's what decided the browser wars for Microsoft. They had the opportunity to provide users with a default choice. You chose Internet Explorer unless you explicitly installed another browser. Their operating system, their default settings. Chrome uses Google search as default search engine. The last mile provides quite some value if choice is relevant. It's always nice to provide a default.

Docker is under pressure from two sides. It started out as the only or the most popular containerization solution. Then came kubernetes, cutting services out of the cake, leaving application containers. Kubernetes started out as pure cloud technology, leaving on premise and devtop to Docker where it still shines. Then comes LXD cutting a small piece of dockers cake, containers as cheap (in terms of resources) virtual machines and Podman as direct competitor, taking over production app containers because of a better migration path to kubernetes and rootless containers as a tech to fix security problems with Docker.

Docker is still at the top. It's still the most popular container technology and it is overall awesome technology. But competition makes it increasingly a niche product. It's not getting better or easier for Docker. Docker already changed from the container thing to the developer tool and the software demo platform.

Here is the thing. The sustainable thing to do is to innovate if you want to win competitions. The alternative is to use leverage while you are on top and try to suffocate competition. Microsoft succeeded with the latter strategy, but they ultimately still lost the browser war, despite the total dominance that Microsoft still has on the Desktop. MS failed to innovate on the mobile train though and together with complete negligence in the innovation department they had to come up with a complete redesign of MS. This platform is part of it. SCO tried to use leverage when they lost the PC UNIX market. They bet on licensing as leverage. Most of you guys are too young to remember that. An epic failure.

This answers the question why Docker is not transforming Docker Hub into a registry, leaving the hosting of images to image authors. That would be cheap, it would preserve all functions that current Docker Hub has. But it would be giving up on the last mile. Hub would only be the default in Docker engines, not (necessarily) for all the other competitors who could easily provide their own registry, if image providers already take charge of the expensive hosting task.

So what Docker really does here is to charge image providers to finance their status as last mile provider or leverage to have some unique quality that their product can no longer provide.

Not only that, the motivation for providers to pay is their reputation, their users. If they don't pay up, their users will suffer the consequences, because they will otherwise no longer receive updated images at best. Their users would have to change their registry settings, many of which won't even know what that is and how to do it. They are just as likely to choose an "official" or "better" image before they edit some daemon.json file that Docker marks at something like use at your own risk.

This of course also effects paying users, because they are just as likely to use images from OSS projects. So paying up to Docker does not really mean that Docker is respecting your interests.

What I perceive as incredibly short sighted if not stupid, is that whenever a company decides that using leverage is better or easier than to innovate, they forget that leverage always works both ways. The lever pushes harder on the other end, but the smaller force requires a longer way and that usually means that innovation will become that much more difficult. A long way to get where others already are. And that does not even account for the devastating damage to the reputation of the brand.

I loved SCO Unix at a time when Linux did not yet exist. It was a way to have a real UNIX on my PC. It was ridiculously expensive, but it was worth it. Until Linux and the BSD's came out. It was tough on SCO, but that's business. They had a long period where they were on the top, where they could have innovated and instead rather felt omnipotent and so much better than the rest of the bunch. This feels so very similar to what we see here.

@robert-scheck
Copy link

I'm experiencing exactly the same issue here for 4 projects.

I received a confirmation email yesterday as well as an acceptance one this morning.. It does appear they come, just with delay?

Yes, it looks like there is some delay for the initial (automated?) response. Meanwhile I received responses like this:

Thank you for applying to the Docker-Sponsored Open Source program! We appreciate the time you took to fill out the application, and it’s now being reviewed.

You’ll receive an update within 30 days. […]

@schmunk42
Copy link

What's the worst from a user point-of-view is that you can't really see if the image you're using might be affected.

You need to go to DockerHub and look up if the namespace is from a Personal Account or Community Organization.
And even if you do that, a Community Organization could still be "in application"-state.

Not to mention, that even Sponsored OSS might be revoked at anytime, if the management makes that decision.

@mutech
Copy link

mutech commented Mar 24, 2023

What's the worst from a user point-of-view is that you can't really see if the image you're using might be affected.

I think the only end users who are immediately impacted are those who use docker to deploy productive services and rely on image updates. They will have to evaluate if the images they are using are affected or alternatively if other registries provide the same or similar images and just migrate there which probably provides a more reliable long term solution. They will probably migrate to Podman in the long run anyway, because that also provides easier migration paths to Kubernetes and become less reliable on Dockerhub through that path.

Depending on how OSS projects react to this policy change, Quai, Github or other alternatives might just take over the role that Dockerhub has now. If that happens, other user categories will increasingly find outdated images on Hub and also migrate away from Hub or Docker or both.

I think the sustainable solution is not to replace Dockerhub with another vendor service but to move to purely community run solutions that are less prone to such blackmailing campaigns. That will of course require some financing. If the big vendors don't contribute that, we are going to have to pay for some services, which I find perfectly acceptable if we know what we actually pay for. It's probably better to spend money on smaller to mid sized storage providers than to concentrate the whole business on 1-3 global companies who control everything.

The core of the problem really is that whenever a commercial entity gains a unique selling point in cooperation with open source projects, the temptation to capitalize on that by milking OSS projects or users is just to great. The concept of minimal trust does not only work well in security. We are going to have to give up on trust-based cooperation.

@ckadner
Copy link

ckadner commented Mar 24, 2023

This just came into my email inbox — From Docker:

On March 14, 2023, we emailed you about your Free Team subscription, outlining our intention to sunset that plan. After listening to the concerns of the community, we’ve decided to reverse course, and are no longer sunsetting the Free Team plan.
If you’re currently on the Free Team plan, you no longer have to migrate to another plan by April 14. All customers who upgraded to a paid subscription will automatically receive a full refund for the transaction in the next 30 days, allowing them to use their new paid subscription for free for the duration of the term they purchased.
We apologize for the alarm our decision caused. For more details, please visit our FAQ.

@yavorg
Copy link

yavorg commented Mar 24, 2023

As announced, Docker is no longer sunsetting the Free Team plan. We value your passion and engagement, and thank you for all the feedback that made this decision possible. We are closing this issue, but please open a new one or contact support if you have further feedback.

@yavorg yavorg closed this as completed Mar 24, 2023
@mutech
Copy link

mutech commented Mar 25, 2023

It takes guts to not only correct a "mistake" but also admit that it was one. Deeply appreciated!

@guice
Copy link

guice commented Mar 25, 2023

Now, Docker should just bring back Docker Free Teams. According to your post, these are the main differences:

The main advantages of (paid) Docker Team vs. Docker Free Team are:

  • Unlimited number of teams (vs. 1 team in Free Team)
  • Up to 100 seats total (vs. 3 seats max in Free Team)
  • Unlimited private repositories (vs. no private repositories included in Free Team)
  • 5,000 pulls/day/user (vs. 200 pulls/6 hours/user in Free Team)
  • The Free Team plan does not include a license for commercial use of Docker Desktop at a company of more than 250 employees OR more than $10 million in annual revenue.

Honestly, Free Teams sounds like a perfect steppingstone to upsell paid Teams. Why was the free tier removed, anyway? It sounds like Free Teams is just a User account with an org name and 2 additional contributes.

The Free Team plan does not include a license for commercial use of Docker Desktop at a company of more than 250 employees OR more than $10 million in annual revenue.

Since Docker Desktop is free for these orgs (under 250), why isn't Teams as well? I complete understand how paid Teams would include paid Docker Docker license -- upsell!

@ob1dev ob1dev added the billing label Jul 28, 2023
nicolasnoble added a commit to pcsx-redux/support that referenced this issue Nov 13, 2023
nicolasnoble added a commit to pcsx-redux/support that referenced this issue Nov 13, 2023
nicolasnoble added a commit to pcsx-redux/support that referenced this issue Nov 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests