1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What about security patches for free?

Discussion in 'XenForo Pre-Sales Questions' started by jaygatsby, Apr 25, 2011.

  1. jaygatsby

    jaygatsby New Member

    I understand that, after the first year, the upgrades will cost about $40/year.
    That's right: new features have a cost. If someone doesn't want to pay can download one of the free ones. But... what about security?
    If a security patch is released after my subscription expired I'm pratically forced to buy the upgrade. Even if I don't need the new features and the version 1.0 would have me pleased forever...

    It would be nice if at least security patches could be released for free... ;)
    Lone Wolf likes this.
  2. Wuebit

    Wuebit Well-Known Member

    New code = new costs
  3. Jamie

    Jamie Well-Known Member

    I agree with Vodkaholic, although you're not really wanting any new features, it still takes time and energy to code and release patches. I also think the $40 per year is very reasonable... I mean we all spend that much on a night out or dinner for two, so why shouldn't we expect to spend a little money to maintain our site?

    Plus and this is the biggest reason, I think if they offered things like this for free the warez community would benefit more than the people that are actually buying and supporting xenforo, and I think everything should be done to stop or slow this type of 'help'.

    Vodkaholic likes this.
  4. kyrgyz

    kyrgyz Well-Known Member

    Am I smelling a double standard here? Wasn't there uproar about letting vB3 license holders to get security patches after expiry? Why should XenForo be treated any different in this regard?
  5. Jamie

    Jamie Well-Known Member

    Couldn't be a double standard on my part as I wasn't part of that uproar... I have moved on to IPB before that all went down.

    Had I been in that debate, I think the biggest 'uproar' had several issues attached to it. 1. There were people that couldn't or wouldn't convert to vB 4.0 and needed to run 3.8 until something became stable, so their choices was limited. 2. In this aspect we're talking about something current and maintained (xenforo) in that debate they were talking about something that was EOL and won't being maintained except for security patches.

    There are other reasons that make this question a bit different that the vB 3.8 debate... but in the end I would side on the we need to pay for what we get crowd. If I use the products, then I believe in paying for support... features, security patches or whatever...

  6. kyrgyz

    kyrgyz Well-Known Member

    I disagree on forcing people to buy subscription for access to security patches. This should come as a free option 'cause security holes can inflict great harm to websites and their users. Charging for it would make XenForo the same gready beast as IB, imho.
  7. Jamie

    Jamie Well-Known Member

    Greedy Beast? At $3.33 USD per month? 11 cents per day? Greed? Really? No, I don't agree at all. Every company has the right to charge what they think is fair and at $40 per year, I can certainly handle this price and agree with it wholeheartedly but this is of course, only my opinion. :)

  8. a legacy reborn

    a legacy reborn Well-Known Member

    It would be nice to hear an official statement.
    kyrgyz likes this.
  9. kyrgyz

    kyrgyz Well-Known Member

    This is not about the amount. It's more of customer care. If XenForo decides to charge for it than it's gready.

    Say I am short on funds at the time of the discovery of the security hole. I'll be left wide open to the vulnerability.
  10. John

    John Well-Known Member

    Say I'm short on funds and my pantry is empty...is the grocery store greedy if they won't give me some free food? At some point the entitlement mentality has to come back down to earth ;)
    Jamie likes this.
  11. Jamie

    Jamie Well-Known Member

    Really? So when you buy a TV or something expensive and they don't offer the extended warranty for free it's being greedy? We will have to agree to disagree on this one I guess..

    Honestly... if you can't set aside $40 per year because you know you're going to need it to maintain your site, maybe you shouldn't be running a site.. I am not directing this at you, but the example you used. People that run sites need to know there are costs involved and it's up to the Admin to be capable of running, paying and maintaining their site.

    I am doing to back out of this thread as we are both of different sides of the debate. That's ok as everyone has their opinion, but it won't do any good to thrash it back and forth.

  12. kyrgyz

    kyrgyz Well-Known Member

    So, demanding safety of a commercial product is considered unjust entitlement? Physical products are recalled free of charge when defects discovered. Never heard of otherwise. Why should software products be treated differently?
  13. kyrgyz

    kyrgyz Well-Known Member

    Yep, let's agree to disagree. Official response would be greatly appreciated though.
  14. AdamD

    AdamD Well-Known Member

    $40 for 12 months of support and upgrades is aok with me
    Considering IB/VB charged $60 for THREE months, I'd say it's a darn good price.
  15. Fufu

    Fufu Well-Known Member

    License Agreement

    I believe the pricing structure works the same as it did during the vBulletin 3.x days. You pay a initial purchasing fee (owned) + plus you get 1 year of updates included with your purchase. After your one year is up from the day you bought the software, you decide if you want to pay for another year of updates. If there is a security patch for your version then you will receive the security patch free of charge for your version.

    Say your license agreement expired on 1.0.1 and it is stable. 1.0.5 was released much later, yet it had a security issue. You would not get a patch, unless you had 1.0.5. If a security flaw was discovered in previous version like 1.0.1, but was not discovered until 1.0.5; then you would have to pay for the maintance cost to update your software to 1.0.5 to fix the security flaw. The xenForo development team will notify all license holders that version 1.0.3 and above must update to 1.0.5 patch 1 to receive the security fix. Although the event is unlikely, but possible.

    xenForo should add a clause about this.
    kyrgyz likes this.
  16. Enigma

    Enigma Well-Known Member

    Security patches? What security patches? :looks around: (j/k, but I had to) ;)
  17. lazer

    lazer Well-Known Member

    If you care about your community and its future security and stability then you will view the low cost of annual upgrade subscription as a worthwhile expenditure. I do.
  18. kyrgyz

    kyrgyz Well-Known Member

    Waiting for the official confirmation on the above statement as it isn't spelled out in the License Agreement.
  19. Lone Wolf

    Lone Wolf Well-Known Member

    I agree that the $40 cost isn't excessive if you are running one XF license. However some people can have upto a dozen or so licenses and for them you're talking about a cost of nearly $500 a year just to keep the software up to date.

    I fully agree with the OP that security patches should be free for a reasonable period after purchase. EG maybe 5 years.

    However additional features, etc should be subject to an annual fee (eg the $40). Personally I would pay the $40 because I like to customise my forums with all the latest functionality.

    But I repeat, essential security updates for a paid for program should be free for a reasonable period. Even the evil Microsoft allow 'non-genuine' versions of Windows to receive free security updates
    jaygatsby, kyrgyz and Tomble like this.

Share This Page