Posted December 31, 2014
sqlrob: Given the requirements posted, any architect or developer that did this would've been out the door so fast it would've been spinning. Not like it's hard to find a way to securely protect an archive without password protecting it (yes, I know that couldn't be used directly, but the method is perfectly valid). I'd give junior devs a pass for implementing what they were told, but if a senior dev didn't at least object they'd be out as much as the architect.
Seriously now, you need to put things in perspective here, it's not some kernel drivers controlling the cooling of a nuclear reactor we are talking about, but some installer, basically a glorified self extractor. It might not be what some people consider to be the most elegant solution, but apparently it covers the very basic features GoG wanted from it (prevent the average Joe from accidentally extracting the installer, etc.). Like I said, I doubt that having a 100% tamper-proof installer was really very high on their priority list.
What secure? They wanted to prevent non-technical people from being able to do something stupid with the installer, they weren't creating some e-banking application. And what "secure networking code"? Galaxy is basically a downloader with some multi-player component. What are you afraid it could do?