ZFR: Yes, while LPE is potentially a serious vulnerability, in practice there is a tiny chance this will affect you. If you practice basic security it won't be an issue and if you don't then you've got much bigger issues to worry about anyway.
Nonetheless, what's really appalling is this:
2.) In private communication on May 12, I made note that I strongly suspected this would require an extensive re-design, and that I would be happy to help (for free) to ensure that a proper & comprehensive fix would be shipped to end users. No response regarding this offer was received (in fact, no response was received at all until the deadline had passed).
ZFR: If what the guy says is true, then this speaks volumes of what is wrong with GOG. I don't know who dropped the ball here, whether it's programmers, management, support or a combination of them, but that person(s) is a moronically moronic moron. The issue is still a potentially serious threat and they were given every opportunity to get it fixed and they just... ignored it?
Seriously?
"The hired individual will need to work in-house, in our office based in Warsaw, Poland.", I feel is entirely a large part of the problem. Think of it. Who wants to drop everything to go live anywhere from 2000 km to 7000 km away from friends & family, with no guarantee of hire or job security? Especially with no potential idea of wages, idea of cost of living or housing opportunities.
Especially galling during these times especially.
If you're a systems security expert with a cushy job in Dublin, what would GOG have to offer that would possibly entice an individual to indeed, GO ALL THE WAY TO WARSAW, instead of working a remote post?
Edit: I'm aware (but keep forgetting) that they have an office in LA. That's not exactly an improvement in terms of enticement.
