Maximum transparency

What is Wekan

  • Open Source kanban
  • Translated to about 50 languages by Wekan Worldwide Community
  • Used in most countries of the world, including government of 2 countries, and some hospitals
  • Maximum transparency: Open Source code, possible to self-host and keep data private according to GDPR. Public documentation, public Roadmap and public ChangeLog at https://wekan.github.io
  • Only admin that has installed Wekan and has ssh access to that server has full access to Wekan data and can change forgot password. Wekan in Snap/Docker/Sandstorm is running in secure container. There is no known backdoors. At MongoDB database passwords are hashed, all other data is plain text. If you need serverside database encryption, you can use Percona MongoDB Server. MongoDB is exposed only to localhost, not outside of server. Wekan has brute force login protection and XSS protection.
  • Security researchers send vulnerability reports to Wekan, for these there is Hall of Fame where full details and CVE numbers will be added, after most Wekan users have updated to newest Wekan version. All known security issues have been fixed.
  • Wekan code itself does not have any tracking:
    • Wekan does not load any dependencies from Internet, and does not send any info to Internet. So if you have installed to Wekan to some computer or VM, Wekan also works at local Intranet that is not connected to Internet. For example, Wekan is used at some Intranet with WinXP compatible up-to-date webbrowser when because some Wekan user was not able to upgrade to newer OS because of some other legacy apps. Support for new platforms and browsers continues increasing.
    • For minimum install, Wekan only requires Node.js LTS 12.x, MongoDB 3.2.x – 4.x and .zip bundle from https://releases.wekan.team . There is start-wekan.sh or start-wekan.bat script for settings and starting Wekan, there is no requirement for any specific service manager.
  • Platform specific tracking:
    • GitHub/Docker/Snap have download stats
    • Snap version has per-contry number of servers stats, Wekan code itself does not have any tracking. Exact location is not known. Currently there are about 8k total Snap servers worldwide, where most of users over 1k at Germany and over 1k at USA.
    • UCS version requires registration by email address, and tracks install/update/remove of Wekan by email address of who installed UCS appliance, by sending daily stats to [email protected] .
  • All code Open Source. Licenses: 80% MIT license, and remaining BSD-3-Clause and Apache 2.0 licenses, according to license scan at bottom of this webpage. Free also for Commercial use.
  • Huge amount of features.
  • Free updates for all platforms. Some platforms like Snap have automatic updates.
  • Free Community Support at https://github.com/wekan/wekan/issues where is public questions and answer, without mentioning any private server URLs and any private info
  • Wekan code is from Worldwide Community of about 180 contibutors (companies and individuals) that use their time to send pull requests to Wekan for features and fixes.
  • New releases of Wekan about once a day, with many features and fixes.

Is there Enterprise paid version of Wekan? What are the differences in features?

  • Everything is Open Source and same public version. All platforms at same master branch of https://github.com/wekan/wekan .There is no propietary code. Only difference is paid Commercial Support for new Features/Fixes/Support/Hosting, that also pays the maintenance of Wekan.

How is this possible? Who pays all this?

  • Maintenance: Original Wekan author is Maxime Quandalle (at France), that created Wekan, using Meteor full stack web framework (Node+MongoDB+Javascript code). At 2016-12 Lauri Ojansivu (at Finland, CEO of Wekan Team / xet7) continued maintaintaining Wekan, first year as a hobby, for free. After that, because Wekan Community asked at GitHub issues, xet7 added bounties and Commercial Support for Support/Features/Fixes. At 2020-06 there is in progress getting away from BountySource bounties, so in future only Commercial Support is in use. Maintaining Wekan has continued because of all the encouragement of Wekan Community, payments for Commercial Support, grants from Finnish Unix Users Group, and other non-Wekan related work that Wekan Team does for other clients, like websites, server maintenance, and IT support for Windows/Linux/Mac.
  • Hosting:
    • x64 and arm64 bare metal servers for Wekan development and downloads at  https://releases.wekan.team donated by CNCF that is big part of Linux Foundation
    • Sandstorm version is built with build script by xet7 on CNCF servers. xet7 tests Sandstorm version, and then pushes .spk package to Sandstorm experimental. There ocdtrekkie checks how Wekan works, and releases as official Wekan version for Sandstorm. Sandstorm grain is secure sandbox where Wekan code is read-only and Wekan code can only modify it’s MongoDB database files. Sandstorm grain is only running and using RAM when someone is using it, on other times it’s stopped and does not use any CPU or RAM. Sandstorm packages are hosted by Sandstorm core contributors, and Sandstorm itself is self-hosted.
    • x64 bundle is built by build script of https://github.com/wekan/wekan repo wekan/releases/release-bundle.sh and uploaded to https://releases.wekan.team
    • arm64 bundle version is built by xet7 with maintainer-make-bundle.sh script at arm64 bare metal server from CNCF uploaded to https://releases.wekan.team
    • s390x bundle version is built by xet7 with build script with at IBM LinuxOne Community Cloud (paid by IBM) and uploaded to https://releases.wekan.team
    • Snap version is built so that Canonical’s build server downloads source code directly from GitHub, builds at Canonical build servers, and distributes automatic updates to about 8k servers wordwide where Wekan Snap version is installed. Snap is secure strict container sandbox where Wekan code is read-only and can not access any files outside of /var/snap/wekan/common directory.
    • Docker container version is built by Docker Hub (Docker, Inc) and Quay.io (RedHat) build servers that download code directly from GitHub. They pay servers of their container hosting.
    • UCS version uses Docker container from Docker Hub or Quay.io depending at which one builds fastest, so xet7 adds some Wekan version number to UCS portal for testing. Container is copied to UCS servers depending at which one builds fastest. UCS servers run through some tests and then UCS appliance users can update manually when they have time for that.
    • GitHub repos/issues/wiki servers are paid by Microsoft.
    • Wekan Community Chat PWA server is hosted and paid by Vanila that is UX and Development Company. They have community website that covers wide range of UX and Development topics. Vanila has made custom modifications to community software to get it running on their own servers. Summaries of public discussions are sent as email to community participants, and there is also private “Messages” feature for private messages.

What does prepaid Commercial Support include?

Why it is prepaid?

  • Story 1: Because once a customer ordered big postpaid feature, developing it did take about 6 months, and then customer did not pay. Unfortunately, monthly bills like rent etc do not wait for payment for that long.

How much time it takes to develop a feature a fix?

  • All paid features will be implemented
  • Coding some features can require many times of trying to implement, because first way can possibly break some other Wekan features. Wekan has a lot of interdependent advances features, so it requires some time to get all features to co-operate. Wekan is result of total 13 years of coding work, similar to any other advanced Enterprise Software.
  • Previous features did take something from one day to 9 months
  • Story 2: Once customer would liked to order a big feature, but would have required it to be ready next week, or he would not order that feature. Big features require a lot of changes to many places at Wekan code, there was not enough time to implement it, so customer did not order that feature.
  • Story 3: At 2019-12 customer ordered feature. Wekan Team started developing immediately, so customer expected it to be ready at the same month, but it was ready after 3 months. It is hard to estimate.
  • Summary: Feature is ready when it is ready.

Is there a quarantee or separate contract for feature/fix payment?

  • Wekan Team has proven track record of maintaining Wekan and implementing features and fixes to Wekan for 3.5 years.
  • Please be patient, and sometimes (not too often) send a friendly reminder asking for status, or can you provide some additional help or info to get more progress. In general, Wekan is friendly community, and maintaining Wekan is continued because of encouragement and support from Worldwide Wekan Community.
  • There is no separate contract. Please keep safe payment receipt.
  • There is no separate quarantee. Payment is not returned, feature/fix will be implemented.