See a horribly written patch, reject it. See a patch that doesn't comply with the submission rules, reject it. What's so hard about that? For things written properly, reviewing isn't hard.

Linus seems to be doing fine just doing reviewing and not writing any code himself. Plus the whole Linux platform is based on accepting patches to projects. So I don't know what your experience is, but it sure is not the same as my experience.

Yes, it depends on the license, but as mentioned earlier if it's using a non-free non-OSI license, it's not very interesting and we might as well not even talk about any contributions or modifications at all.

"The mess" was fixed exactly because it was open-source.

Once again that's not about any existing downloaders, it's about a hypothetical update client.

And no, this has nothing to do with games themselves, because GOG.com isn't their copyright holder. Therefore they can't do anything about that. But they would be the copyright holder of the update client.

And in general, if you want to make sure a game doesn't phone home, firewall it. With an update client, you can't do that, because being connected to the internet is the point of it.

There is a huge difference on potential publishers' eyes between someone separately sharing (GOG) games on PBay, or most GOG users using a popular GOG client that incorporates the same functionality with a push of a button.

For instance, I've used Bittorrent clients for ages, yet I am unaware how could I even share my GOG games to others as torrents (because I have never put anything in the bittorrent network). Maybe it is easy when you know how, but I for one do not know how to do it. On the other hand, if the GOG client I use had a "share your GOG games to other users"-button or something similar, then obviously I would know how to do it, even if I didn't use the functionality.

I look at this similarly as why wouldn't e.g. Valve make their Steam client or the related API open source. I guess they have their reasons, and they'd probably be the same for GOG.

You probably don't want to know also in the future, but if you would google "upload to torrent" or "create a torrent" I'm sure you would find tons of tutorials and well explained information. It's not difficult although for sure a single button solution would be a little bit more comfortable.

Any bittorent client allows exactly this. Push a button to start sharing anything. That was the whole point of bittorrent. Any publisher knew what the "risks" were when they decided to go the drm-free route. Not that DRM actually hampers those that want to get the pirated copies in any shape or form.

DRM schemes are the snake-oil of this era. They never work yet clueless people still push to have them included in their products.

"Oh no, our work is drm-free it will be pirated!!!" It was but GoG seem to do just fine. Guess there are a lot more people that buy the games than people that download them from various file sharing networks.

Your analogy is flawed. GoG is in the unique position of peddling DRM-free software. Valve is not.

(not that unique)

What about Desura client?

What about them? They are DRM agnostic. They recommend to people to sell DRM-free software but it's up to the devs and/or publishers.

Also, please bear in mind that these "clients", both Valve's and Desura's perform more tasks then just downloading a game. The GoG downloader is just that, a downloader.

Funny, I thought on top of that you'd have to create an account to some torrent site and publish the link to your seed there, as (at least earlier) bittorrent clients didn't seem to have internal search engine.

No, the question was whether additional piracy functions would be added to GOG clients that are widely used by GOG customers, and how the publishers (who have been persuaded to release their game on GOG without DRM) would react to that.

Your argument seems to be that the publishers would be completely fine with that, as otherwise they wouldn't have released their games on GOG after all? I believe there is a huge difference with accepting to release a game DRM-free, and being fine with people pirating it (even more easily than before), and even a GOG client widely used endorsing pirating and sharing the works.

No, it is a perfectly good analogy, especially as there are also DRM-free games on Steam. And it is not about only potential piracy, but also generally: why wouldn't a company (be it Valve, or GOG) want to make their client or APIs open source? There's absolutely nothing in there that makes Valve and GOG different in that regard.

No, for the nth time, we are not talking about the GOG downloader, but about a hypothetical update client!

So did you read my post, or did you skip over it?

Wasted time that could be better allocated actually writing code based on user feedback.

And 99% of the code submitted to the Linux kernel is submitted by kernel developers and even then, based on Linus' raging every couple of weeks the quality of the code is low, and this code is coming from experienced developers (granted, working on something very low level).

Also, the Linux kernel isn't a really good example due to its very nature. Want to see how fun it is managing a large project? Look at the Eclipse contributions, especially the chaos that's happening now with trying to merge fixes into Kepler SR1*.

Also, I wouldn't really call Linux a successful consumer platform exactly due to the bickering between project owners, contributors and the countless forks which drag in each and every way (basically the lack of a unified vision).

Well, the whole having the source code available discussion started from the idea that it would enable people to make sure that they're "safe", whatever in hell that may mean.


* disclaimer: I'm currently tasked with merging a pretty large code-base into the Eclipse one (most of it in the Equinox/P2 engine) and it's proven to be unnecessarily hard to do because everyone is merging left and right in a hurry without actually checking the consequences. I've had more bugs logged due to new fixes in other parts of the code that completely fucked me over (bugs which I can't fix without losing most of my backwards compatibility), so I'm a bit in a bad mood when it comes to reading about how easy it is to do code reviews (pro-tip, it isn't) and how little time it actually takes to make merges to projects.

It would still be less efficient than just accepting patches.

Linux is a wildly successful consumer platform. Most of the smartphones sold today are using Linux. If you're talking about GNU/Linux, then its problem is Microsoft forcing vendors to preinstall Windows on new PCs. The other issues are minor. Forks and discussion is good for the end product, generally.

That sounds like their (and by extension your) problem. A GOG client wouldn't be a large project like that, nor it would be smart for GOG to accept patches willy-nilly, either.

Sure, you can reverse engineer some things. Going through that hard effort is an unnecessary exercise if something is open to begin with. Security concerns can be multiple. From "phoning" to external entities, to doing some weird stuff locally. Take for example Skype which is widely used (I surely don't use it at all). It happened to be not trustworthy. Spying, reporting and etc. It was discovered accidentally by some security researcher by analyzing the traffic. They didn't bother to decompile Skype. It's horribly messed up to complicate reverse engineering. By design.

Well, asking game developers to do something is a different thing from asking GOG to do something with their service/client. This was about GOG who have no direct control over the games, but can select which games to distribute and which not to. So far GOG were careful to reject games with DRM, so they don't accept those which track players or do other such weird stuff. Of course for games like MMOs, that's part of their design, since you have to be connected to the server. But even there, they can do it in a privacy respectful manner. Single player games have no business whatsoever to "phone" anywhere. So I hope GOG will keep this policy by rejecting such DRMed games. When it comes to their service however, GOG have control how to define their protocol, updates procedures and etc.

As others pointed above, nothing prevents potential illegal resharers from using a separate bittorrent client. But I'd guess, the reason Valve keep the client closed is their DRM. DRM is always a black box, at least I've never heard of an open source DRM. So this is completely irrelevant to GOG's case and there is no point to project Valve's messed up ideas to GOG in any way.

I am surprised this hasn't come up earlier. Gog way of doing business is basicly about trust and freedom. Releasing source code is basicly about trust and freedom. See a connection? Sure downloader app is not a piece of code of critical importance. You can always just download files manually. But still, some people may choose to use it so why should they use a mystery black box? (licensing is is a completely different matter, although still important ethically)

Yeah, *everything* can be reverse engineered (unless it is heavily server side) but the sheer amount of resources - time, skill, workhours, etc. - is so insanely high that usually it is milion times easier to just write your own program from scratch.