Since I was very active this past week in discussing the security issue in these forums, it seems appropriate that I offer an apology as well. For those folks who think I overstepped my boundaries or acted unprofessionally, I do apologize. The problem I have is that after pouring my heart and soul into DotNetNuke for the past 5 years, I have a very difficult time sitting idly by while other parties erode the reputation of the project. In fact, in the future, I can not guarantee that I will not act in an equally defensive manner should an event like this transpire again. I am sure cooler heads than mine may prevail; however, I have too much invested to not react with extreme passion and loyalty when the project and community is jeopardized.
In reading John's apology, I really hope that the following comment was made with full sincerity:
"we will be more careful about how we communicate the information as well as ensure the core team is envolved earlier in the process"
If I still sound doubtful, it is because the wounds are still fresh. Like any relationship, when the trust is compromised, it takes time to mend fences and re-establish your bearings. If certain actions had been taken much sooner by PowerDNN, I would have most certainly dismissed the whole thing as being unintentional. However, the press release on PRWEB which culminated the entire issue on Friday still makes me scratch my head.
I can understand that PowerDNN wanted to ensure its customers were safe. But a press release on PRWEB is distributed to the entire world - with the vast majority of the recipients being non-customers. For many of these people, the first impression is what matters most and if they read something about an application not being secure, they will immediately assume the worst and will never take a look at it again. For years, we have been trying to build confidence and trust around DNN, and to have that eroded so easily feels devastating.
John also indicates:
"There has been much talk amongst members of the community that we intend to push our own "version" of DotNetNuke."
I have also heard these rumors over the past week, and I can probably shed some light on how they originated. If we take a look at the language used in the recent newsletter sent to all PowerDNN customers ( and later posted in these forums ):
"As a PowerDNN customer, you have many advantages available to you that no-one else in the DotNetNuke community can provide. The foremost of these is that you are not running a standard "vanilla" version of DotNetNuke. You are running PowerDNN - a customized build of the DotNetNuke Web Application Framework."
It seems very clear that PowerDNN is being position as a "product" rather than a "service" - and that it is indeed a different "version" than what is offered by us.
Now, a lot of people don't realize that the actual definition of a software "product" is any piece of intellectual property ( IP ) which is licensed by the owner for use by other people. In DNN's case, DotNetNuke Corporation owns the copyright for the DotNetNuke application and offers it for use by the community under a very liberal open source license.
Legally speaking, our license actually does allow PowerDNN ( and other members of the community ) to redistribute our application as their own "product" or "version". However, the one thing which they can not do from a legal standpoint, is purposely mislead the general public into believing that their "customized" version is in fact the true DNN application.
To protect the integrity of the brand and the product, we do not allow third parties to distribute customized versions of the application under the DotNetNuke or DNN trade names. The legal instrument used to enforce this is known as a trademark, and we originally published our trademark guidelines for the project back in 2005.
Now it is important to understand that we deeply appreciate the complementary products and services offered by our partners, as they are largely responsible for the vibrant commercial ecosystem which exists today. Therefore, in stark constrast to the strict approach which other organizations take with their trademarks, we have purposely been very accommodating to our community members. Basically, much like our open source license, we simply ask that Notice be provided so that it is clear to consumers on who is ultimately responsible for the DNN product. And when you consider the incredible value which is being offered at no charge, we think that providing Notice is a very reasonable expectation.
( "Notice" simply means to include a statement such as "DotNetNuke and DNN are trademarks of DotNetNuke Corporation" as a footnote in your media communications )
So this brings me to my second point on why people may have come to the conclusion that PowerDNN is pushing its own version.
The fact is, PowerDNN is currently not providing any Notice in any of its media channels ( ie. website, press releases, etc... ). They refer to the brand extensively, and the marketing efforts often seem to purposely suggest that PowerDNN are in fact, the creators and suppliers of the DotNetNuke platform. For example, when you visit the PowerDNN website and it reports in the title bar of the browser that it is running "[DNN 5.0.0 Cambrian Cluster on Windows 2008]" it is clearly using deception to try and lure search traffic related to these terms. Obviously, these types of claims are misleading and are the precise reason why we have our trademark policy in place.
Now, to be clear, we have formally requested that PowerDNN provide the very basic Notice on its properties, but so far the responses have not been favorable. In contrast to other organizations in the ecosystem who just need gentle reminders to reinforce why the brand is so critical to the long-term health and prosperity of the project, PowerDNN has been downright hostile. This is yet another reason why I have a hard time believing the recent security events were unintentional.
In closing, I personally feel it would go a long ways in terms of restoring our relationship if PowerDNN made a true effort to live up to the following statement:
"We love DotNetNuke and we respect DotNetNuke, and it is our responsibility as a member of the community to do what we can to ensure it's longevity and success."