Resource Guidelines

Mike

XenForo developer
Staff member
Today, we have published a set of guidelines that all resources listed on XenForo.com must adhere to. You may view the guidelines here:

https://xenforo.com/community/help/resource-guidelines/

Resources that do not follow these guidelines may be removed.

These are an initial version of the guidelines, and it is likely that they will be updated based on feedback. Please check back periodically to ensure your resource adheres to them. That said, the guidelines generally only target abusive, underhanded, or dangerous (insecure) behaviors. Very few resources will be affected.

We have also made a few additional changes:
  • A new "updates duration" resource field. If you have a commercial resource that has a limited period of updates included with the initial purchase, list that period of time here and, if applicable, any extension costs.
  • An "unmaintained" resource prefix. If you are no longer updating your resource, please set this prefix so that this is clearer to potential users. This is especially important if your resource no longer works with the current version of XenForo. Staff members will apply this prefix to resources if deemed necessary.
 
  1. Executable code (such as PHP or SQL) cannot be downloaded by your add-on unless explicitly requested by the user, as a core function of your add-on. For the avoidance of doubt, your installation or uninstallation routines must not download code to execute.

I'm assuming this means @Waindigo and @Chris D's Add-on Install & Update are fine to continue to auto-update installed add-ons as the user explicity requests the add-on to do this?
 
All of my premium add-ons download code to deliver and install the add-on after the license is validated. And it is also how updates are delivered when the user executes the install script (including directory structure changes and updated files).
Unfortunately, that will now be a requirement for resources to be listed on XenForo.com. This is not something that we consider secure, it creates situations where code is unauditable, and it creates a significant hard dependency on your server/availability. As such, it will need to be changed or the resources will not be able to be listed on XenForo.com. (You are free to list them elsewhere.)

I'm assuming this means @Waindigo and @Chris D's Add-on Install & Update are fine to continue to auto-update installed add-ons as the user explicity requests the add-on to do this?
Yes. The goal here is not to make it harder to install or maintain add-ons. But there are add-ons that download their installation (and other) queries from an external server, which makes them potentially insecure and completely unauditable.
 
If an add-on has previously been marked as a free add-on but no longer adheres to the Resource Guidelines in this respect, is there any way that this add-on can be converted to a paid add-on?

On this point, is a requirement for commercial users to purchase a commercial license in breach of the following guideline if it is available for free to non-commercial users:
3. Any price listed for your resource must accurately reflect the price paid without taking any other steps (such as enrolling in a subscription service).
 
If an add-on has previously been marked as a free add-on but no longer adheres to the Resource Guidelines in this respect, is there any way that this add-on can be converted to a paid add-on?
As in, it's now commercial? It would, unfortunately, need to be removed and relisted then. (If you're wanting to leave the old version as free, I would say you could do that by marking it was unmaintained and noting that it's been superseded.)

On this point, is a requirement for commercial users to purchase a commercial license in breach of the following guideline if it is available for free to non-commercial users:
IMO a license that requires, for example, "personal use" for it to be free is reasonable so that would be ok. The line quoted certainly wasn't designed to target that case. There was a situation that happened once where the price listed was the price after a membership subscription was purchased; this wasn't totally clear when visiting the site and the price appeared to be much higher on the site than on XenForo.com.
 
On this point, is a requirement for commercial users to purchase a commercial license in breach of the following guideline if it is available for free to non-commercial users...

This might be a good time to officially delineate the difference between a "commercial" and "non-commercial" site. In my opinion, there should actually be 3 different designations - non-commercial, monetized, and commercial. The mere presence of some advertising (i.e. monetization) of an otherwise non-commercial site should not put a forum into the same category as a true commercial site (one which is clearly designed and operated to make a significant profit for its owners above and beyond offsetting the operating costs of the site).
 
So @Mike, just thinking out loud here about @Snog's comment and @James' comment, if the call to an external server is initiated by the user and this is OK, couldn't one structure the add-on such that it installed without the call to the external server, but then after the installation was complete the user had to click an "activate" button within ACP to initiate a call to the developer's server before the addon could be actually used?

Not a coder, so I don't know if this could work this way, but that might be a way for developers to protect their addon from hackers without violating the new guidelines.
 
So @Mike, just thinking out loud here about @Snog's comment and @James' comment, if the call to an external server is initiated by the user and this is OK, couldn't one structure the add-on such that it installed without the call to the external server, but then after the installation was complete the user had to click an "activate" button within ACP to initiate a call to the developer's server before the addon could be actually used?

Not a coder, so I don't know if this could work this way, but that might be a way for developers to protect their addon from hackers without violating the new guidelines.
This would be possible, but it would also be very easy to defeat.
 
If they're not downloading executable code, then they can make external calls; these do have to be declared before purchase to make sure that people know that your add-on requires a call to an external server to function.
 
This might be a good time to officially delineate the difference between a "commercial" and "non-commercial" site. In my opinion, there should actually be 3 different designations - non-commercial, monetized, and commercial.

This has been a question I have been meaning to ask about as well. For instance, I run a hobby related forum about a specific method and sell a product that performs that method, I don't sell the product on the forum directly but I do showcase it there and sell via another site. So what hole does that fit into?

Another one, I am working on a forum for a local non-profit hobby club which accepts payments from sponsors who then advertise on the site. So what about that??
 
This might be a good time to officially delineate the difference between a "commercial" and "non-commercial" site. In my opinion, there should actually be 3 different designations - non-commercial, monetized, and commercial. The mere presence of some advertising (i.e. monetization) of an otherwise non-commercial site should not put a forum into the same category as a true commercial site (one which is clearly designed and operated to make a significant profit for its owners above and beyond offsetting the operating costs of the site).
Commercial is defined by Creative Commons as using the add-on "in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation".

This has been a question I have been meaning to ask about as well. For instance, I run a hobby related forum about a specific method and sell a product that performs that method, I don't sell the product on the forum directly but I do showcase it there and sell via another site. So what hole does that fit into?

Another one, I am working on a forum for a local non-profit hobby club which accepts payments from sponsors who then advertise on the site. So what about that??
Any questions you have can be discussed here or feel free to drop me a PM:
https://xenforo.com/community/threads/license-for-all-waindigo-add-ons-cc-by-nc-nd.34155/

My instinct would be that your first site is commercial assuming that someone involved is profiting from the selling of the product, and your second is non-commercial if the money only goes towards the running of the site.

We are always happy to discuss individual cases and make suggestions for an amount that can be donated based on the particular circumstances. All money goes to the charity.
 
Can I ask that you take this discussion elsewhere, likely direct with Waindigo so you can discuss your specific issues? It isn't really related to XF's resource guidelines.
 
Thank you for the guidelines! Very much appreciated!

I just want to mention that all ******* add-ons (even after being updated to comply to his own new "Privacy Info") still download code at installation. Also the description of all his add-ons do not comply to the new guidelines.

There are still a lot of users banned or discouraged at his site just for rating low or criticizing this hidden install and data collection routine. May I suggest a new area where add-on coders can be reviewed? This may help users to protect themselves from coders with such strange behavior.
 
May I suggest a new area where add-on coders can be reviewed? This may help users to protect themselves from coders with such strange behavior.
I like this idea. I'd like to make another suggestion though. It'd be great if it was like the automatic threads for resources, when someone publishes their first add on a thread is created in the "Resource Author Discussion" board where everyone can discuss that author.
 
Thank you for the guidelines! Very much appreciated!

I just want to mention that all ******* add-ons (even after being updated to comply to his own new "Privacy Info") still download code at installation. Also the description of all his add-ons do not comply to the new guidelines.

There are still a lot of users banned or discouraged at his site just for rating low or criticizing this hidden install and data collection routine. May I suggest a new area where add-on coders can be reviewed? This may help users to protect themselves from coders with such strange behavior.
You have to give the guy a chance. This thread was just posted a few hours ago.

We need time to re-think and re-write our installation routines. And then modify our resource posts to comply with the new requirements.
 
You have to give the guy a chance. This thread was just posted a few hours ago.

We need time to re-think and re-write our installation routines. And then modify our resource posts to comply with the new requirements.

The rules are posted. So a new customer here will trust that all add-ons follow them.
I do not remember a date until when the Guidelines will be in effect.

Maybe such a date should be set, if add-ons that do not comply should be available any longer.

I really would like to buy some of *******s add-ons. But under the current code conditions this is impossible.
 
You are being unrealistic.

The rules were posted a few hours ago.
Even if he started work straight away, he still wouldn't have had time to update them all.

A period of time to give authors the necessary time to update their resources will be provided.
 
Top Bottom