Ross GradyJul 27, 2024
I had an interesting conversation with some #Docker executives on Friday, in which they highlighted some changes to their terms of service / business model. TL;DR: enterprises are now expected to pay for a full Docker subscription for *any* access to any "Docker Platform" features, including Docker Hub, regardless of pull rate.

So, for example, if you're a company with > 250 employees or > $10M revenue, and you have a Linux box pulling one open source image a week from Docker Hub, you must buy a Docker subscription for that box. And any others.

Previously, their website verbiage was focused solely on usage of Docker Desktop by enterprises.

If you are an #OpenSource maintainer and you're publishing container images on Docker Hub, they are monetizing your images, and they're doing so via a flat monthly rate regardless of consumption level. (IMHO that rate is too high, but YMMV, I guess)

This is obviously their prerogative. Really my only request/suggestion to Open Source maintainers who publish container images would be to consider also publishing them on GitHub's container registry (aka GitHub Packages) or any other registry, rather than single-sourcing with Docker Hub.
Show threadmirabilosJul 30, 2024
@rossgrady I’d be surprised if that were so. Otherwise one would have to manually accept these terms before being able to pull an image, like Letsencrypt clients require manual terms acceptance. Without that, users can use the clients (e.g. the old one as packaged in Debian) and never know about that, and they did offer the service to the public for like forever, so customary access may still be assumed I’d think.
Show threadRoss GradyJul 30, 2024
@mirabilos This is scoped to enterprises with > $10M in annual revenue or > 250 employees.

I can tell you from experience that they have sufficient data analytics skills to at least loosely associate IP ranges and/or email addresses associated with Docker Hub IDs back to their related enterprises.

(Not very accurately, but enough to result in email contact attempts. Large numbers of them.)
Show threadmirabilos
@rossgrady right, but I assume the onus is on them to communicate that to me-as-an-employee first, or at least to someone in the company who’d then disseminate the info.
Jul 30, 2024 at 9:30pmWeb
Show threadRoss GradyJul 30, 2024
@mirabilos They have a long track record of posting changes to their website and asserting that as binding. It *is* still worthwhile to push back, though. With the changes to the Docker Desktop license, they treated the download of v4 as a click through EULA. You’re right that just continuing to download as always is a slightly different case.

If I were them, I’d eliminate anonymous pulls entirely. But I’d never want to be them . . .
Show threadmirabilosJul 30, 2024
@rossgrady yeah but I wouldn’t download that, I install the command line tools from Debian.