I’m really trying not to be negative with this post. The people behind Oxite are good folks and don’t deserve any hate. They have made a mistake, though. A mistake I think needs to be corrected and requires some immediate action.
My advice, if anyone cares:
- Oxite should be pulled immediately until the larger issues (including and especially the major security vulnerabilities) can be addressed satisfactorily.
- Oxite should NOT be used as any sort of Best Practice or official guidance by Microsoft. The Oxite folks have been VERY open and clear that this is NOT anything official or supposed to be recommended guidance. Unfortunately, though, many WILL take it as that no matter how many disclaimers they have to click though.
- If you are not familiar with ASP.NET MVC or MVC in general, you should avoid Oxite for the time being as there are several anti-patterns that may set you off on the wrong footing in the future.
I would prefer not to go into any specific problems Oxite may have. From my days as a consultant, I know that this will be taken as gospel by many and used off-the-shelf with little modification to build many production web applications. This could be a minor disaster for many companies and other organizations who may be the unwitting victim of its problems. This may seem overly dramatic, but if you have not spent any significant time consulting in the .NET space and aren’t aware of things like PetShop or the various ASP.NET quick start applications then trust me, it could become that bad – and fast.
The folks who are involved with Oxite’s development are open to communication and are engaging the community and are working with everyone to try to balance the needs of everyone. However, until its most major issues (including significant security vulnerabilities) can be addressed, I think it would be best to pull it or lock it down on CodePlex to prevent it being referenced by the community and any more confusion spread.
We all have an opportunity to improve the .NET space here and I think we should take this opportunity. ASP.NET MVC will soon be released, and I’d hate for the first major impression of its usage from Microsoft be problematic.
Finally, I appreciate the efforts of the Oxite-involed folks and the sincere attempt at openness and contribution. This is a significant contribution and we are very thankful for this. As much as many members may be upset about Oxite, underneath, I think everyone is appreciative (though we/they may have a bad way of showing it) that this even happened in the first place. This is definitely a step in the right direction. The next step, I think, is to crank up the quality a little more so we can all have our cake and eat it, too!