• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What about security patches for free?

#1
I understand that, after the first year, the upgrades will cost about $40/year.
That's right: new features have a cost. If someone doesn't want to pay can download one of the free ones. But... what about security?
If a security patch is released after my subscription expired I'm pratically forced to buy the upgrade. Even if I don't need the new features and the version 1.0 would have me pleased forever...

It would be nice if at least security patches could be released for free... ;)
 

Jamie

Well-known member
#3
I agree with Vodkaholic, although you're not really wanting any new features, it still takes time and energy to code and release patches. I also think the $40 per year is very reasonable... I mean we all spend that much on a night out or dinner for two, so why shouldn't we expect to spend a little money to maintain our site?

Plus and this is the biggest reason, I think if they offered things like this for free the warez community would benefit more than the people that are actually buying and supporting xenforo, and I think everything should be done to stop or slow this type of 'help'.

Jamie
 

kyrgyz

Well-known member
#4
Am I smelling a double standard here? Wasn't there uproar about letting vB3 license holders to get security patches after expiry? Why should XenForo be treated any different in this regard?
 

Jamie

Well-known member
#5
Couldn't be a double standard on my part as I wasn't part of that uproar... I have moved on to IPB before that all went down.

Had I been in that debate, I think the biggest 'uproar' had several issues attached to it. 1. There were people that couldn't or wouldn't convert to vB 4.0 and needed to run 3.8 until something became stable, so their choices was limited. 2. In this aspect we're talking about something current and maintained (xenforo) in that debate they were talking about something that was EOL and won't being maintained except for security patches.

There are other reasons that make this question a bit different that the vB 3.8 debate... but in the end I would side on the we need to pay for what we get crowd. If I use the products, then I believe in paying for support... features, security patches or whatever...

Jamie
 

kyrgyz

Well-known member
#6
... but in the end I would side on the we need to pay for what we get crowd. If I use the products, then I believe in paying for support... features, security patches or whatever...
I disagree on forcing people to buy subscription for access to security patches. This should come as a free option 'cause security holes can inflict great harm to websites and their users. Charging for it would make XenForo the same gready beast as IB, imho.
 

Jamie

Well-known member
#7
I disagree on forcing people to buy subscription for access to security patches. This should come as a free option 'cause security holes can inflict great harm to websites and their users. Not doing so would make XenForo the same gready beast as IB, imho.
Greedy Beast? At $3.33 USD per month? 11 cents per day? Greed? Really? No, I don't agree at all. Every company has the right to charge what they think is fair and at $40 per year, I can certainly handle this price and agree with it wholeheartedly but this is of course, only my opinion. :)

Jamie
 

kyrgyz

Well-known member
#9
Greedy Beast? At $3.33 USD per month? 11 cents per day? Greed? Really?..
This is not about the amount. It's more of customer care. If XenForo decides to charge for it than it's gready.

Say I am short on funds at the time of the discovery of the security hole. I'll be left wide open to the vulnerability.
 

John

Well-known member
#10
This is not about the amount. It's more of a customer care. If XenForo decides to charge for it than it's gready.

Say I am short on funds at the time of discovery of a security issue with the software. I'll be left open to the vulnerability.
Say I'm short on funds and my pantry is empty...is the grocery store greedy if they won't give me some free food? At some point the entitlement mentality has to come back down to earth ;)
 

Jamie

Well-known member
#11
This is not about the amount. It's more of a customer care.
Really? So when you buy a TV or something expensive and they don't offer the extended warranty for free it's being greedy? We will have to agree to disagree on this one I guess..

Say I am short on funds at the time of discovery of a security issue with the software. I'll be left open to the vulnerability.
Honestly... if you can't set aside $40 per year because you know you're going to need it to maintain your site, maybe you shouldn't be running a site.. I am not directing this at you, but the example you used. People that run sites need to know there are costs involved and it's up to the Admin to be capable of running, paying and maintaining their site.

I am doing to back out of this thread as we are both of different sides of the debate. That's ok as everyone has their opinion, but it won't do any good to thrash it back and forth.

Jamie
 

kyrgyz

Well-known member
#12
Say I'm short on funds and my pantry is empty...is the grocery store greedy if they won't give me some free food? At some point the entitlement mentality has to come back down to earth ;)
So, demanding safety of a commercial product is considered unjust entitlement? Physical products are recalled free of charge when defects discovered. Never heard of otherwise. Why should software products be treated differently?
 

kyrgyz

Well-known member
#13
I am doing to back out of this thread as we are both of different sides of the debate. That's ok as everyone has their opinion, but it won't do any good to thrash it back and forth.
Yep, let's agree to disagree. Official response would be greatly appreciated though.
 

AdamD

Well-known member
#14
$40 for 12 months of support and upgrades is aok with me
Considering IB/VB charged $60 for THREE months, I'd say it's a darn good price.
 

Fufu

Well-known member
#15
License Agreement

I believe the pricing structure works the same as it did during the vBulletin 3.x days. You pay a initial purchasing fee (owned) + plus you get 1 year of updates included with your purchase. After your one year is up from the day you bought the software, you decide if you want to pay for another year of updates. If there is a security patch for your version then you will receive the security patch free of charge for your version.

Say your license agreement expired on 1.0.1 and it is stable. 1.0.5 was released much later, yet it had a security issue. You would not get a patch, unless you had 1.0.5. If a security flaw was discovered in previous version like 1.0.1, but was not discovered until 1.0.5; then you would have to pay for the maintance cost to update your software to 1.0.5 to fix the security flaw. The xenForo development team will notify all license holders that version 1.0.3 and above must update to 1.0.5 patch 1 to receive the security fix. Although the event is unlikely, but possible.

xenForo should add a clause about this.
 

lazer

Well-known member
#17
If you care about your community and its future security and stability then you will view the low cost of annual upgrade subscription as a worthwhile expenditure. I do.
 

kyrgyz

Well-known member
#18
..If there is a security patch for your version then you will receive the security patch free of charge for your version.
Waiting for the official confirmation on the above statement as it isn't spelled out in the License Agreement.
 

Lone Wolf

Well-known member
#19
If you care about your community and its future security and stability then you will view the low cost of annual upgrade subscription as a worthwhile expenditure. I do.
I agree that the $40 cost isn't excessive if you are running one XF license. However some people can have upto a dozen or so licenses and for them you're talking about a cost of nearly $500 a year just to keep the software up to date.

I fully agree with the OP that security patches should be free for a reasonable period after purchase. EG maybe 5 years.

However additional features, etc should be subject to an annual fee (eg the $40). Personally I would pay the $40 because I like to customise my forums with all the latest functionality.

But I repeat, essential security updates for a paid for program should be free for a reasonable period. Even the evil Microsoft allow 'non-genuine' versions of Windows to receive free security updates