Sorry Mitch, I trust Navin Nagiah, he is CEO DotNetNuke Corporation he must know.

Jan

I didn't want to get involved in this as I'm waiting for official corp posts, but thoght that last post was deserving of a few points

1. Navin blogged about the problem with the press release the other day @ http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2190/We-are-sorry-about-our-poor-choice-of-words.aspx 

2. "offers of many hundreds of thousand of dollars to get their infrastructure right" - news to me, and I'm sure news to the corp members -i have no idea where you're getting this from Nina

3. There is only 1 source code repository for the core code the PE version simply overlays a few elements during the build process (e.g. new skin, licence module). All security analysis is done on the core repository and all fixes go into it. I'm hoping this was a genuine question and not an attempt to cause some fear-uncertainty-doubt. As the person primarily responsible for doing the security analysis of core and modules, as well as making the majority of security related fixes/bulletins/documentation etc, I find any sort of suggestion that I would hold back security releases to help the corp make money very insulting.

4. whilst it isn't posted on dotnetnuke.com yet - there are a few posts such as http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/-1/threadid/289748/scope/posts/Default.aspx which show the offering which states  "Security and update email notifications "

Now, I appreciate that people are keen to get the exact details of everything so they can make their own judgements, and trust me the core/project leads have made sure the corp know this, so expect a lot more public information in the not too distant future. However, I don't know how helpful speculating on worst case scenarios is, possibly it's time to take a deep breath and wait for concrete information from the corp.

Thanks,

Cathal

Cathal

I really don't think Nina was making any attempt to raise doubt as... to be honest DNN Corp is raising this doubt with everything i am reading.

As you would find such a suggestion insulting this is something you really need to look at the DNN Corp as I am getting a strong feeling the points Nina mentions regarding security are throughout the wording used by DNN Corp.

Per emails sent out from DNN Corp:

DotNetNuke Professional Edition contains all the powerful, usable and extensible features that have made the DotNetNuke Framework so successful, with added security, support and stability features required by many businesses for mission-critical environments.

As soon as I read this I had significant concerns raised and that had absolutely nothing to do with what Nina has said.  What you are saying now contradicts this so I really don't know what to think...

Is this core publicly available with all security analysis and fixes? (as you say here)

or

Does the DotNetNuke Professional Edition contain added security? (as the DNN Corp are telling others via email)

On another note, which does relate to all of this when considering business decisions... the cost of the PE and being for small to large businesses is simply beyond the scope of many small businesses, particularly my one in Poland.

What really is the difference with the Professional Edition?   Although my very first thought before hearing any details had been some excitement of additional affordable extras, for me now I am only seeing concerns being raised and getting a feeling things will head backwords for Community Edition users (core community modules like the Forums already barely surviving).