I know that but my question is more : how being able to run said installer through Wine like Truido mention render the official argument for locking moot ?

Password? Really?

2015 best movie title is
The fall of GOG: In the beginning.

:(

I can't believe this.

If this is real, then this is a huge disappointment. I thought GOG was 100% supportive of DRM-free gaming.

Welcome to the club of disappointed GOG users who liked it for being DRM-free :)
Yeah, keeping those on top of wishlist improves visibility and makes it harder for GOG to ignore.

We can stop buying things from them until they start treating us with some respect. I've grown rather tired of them being patronizing and outright lying to us. And the more sick of it I've gotten the less I've bought. Whereas in the past I bought a ton of games here, now I think I've only bought like 2 in the last several months.

Since whenever it is I got pissed off at them for lying about the Wasteland 2 patch situation. And even before that I had throttled back my purchases, but things like that make me not want to spend money on games from companies that are spoiled rotten.
And yet people will still insist that this isn't DRM. If they were concerned wtih malware and whatnot, they could just post the SHA256 and MD5 checksums for the files on the site, then people could verify not just that they hadn't been tampered with, but that the files haven't been corrupted either. Seems to me that this is more of an excuse for DRM than something that requires it.

The EXE is already signed so Windows will complain if it's tampered with. Last I heard, the whole point of RARs over InnoSetup bundling was so they could be modified by the GOG installer devs without rebuilding the entire multi-gigabyte file set. As I understood it, as it relates to malware prevention, the password was supposed to substitute for a hash check embedded in the EXE.

However, since the RARs don't appear to contain any kind of digitally-signed manifest of expected contents or other verification mechanism based on asymmetric crypto, that means that anyone who can get the password can inject malware without the EXE signature doing anything to stop it.

The logic here is sound, you're just not terribly bright.

If the average Joe is going to be downloading random things off a pirate site, and can't be bothered to verify that the file hasn't been tampered with, he deserves whatever he gets. If he doesn't know how to do it, then how on earth is he managing to download things off of pirate sites via torrent?

Seems to me like you haven't thought your objection through thoroughly enough and are hoping that I won't notice.

And still no official statement.

Come on GOG, don't let us down...

+1.

Well, I submitted my support ticket today. Any of you do this 'social media' thing? Does gog.com have a presence that could do with being publically asked what gives?

They have a bunch of links in the site footer.

It is great to finally hear from you, and I agree that this came out at the worst possible time of the year for everyone concerned. Please don't let us down.

GOG is a bit unlucky here. If you claim that you want to protect GOG customers of people who can insert malware (which anyway can never happen to a customer who only downloads from GOG ;) ) then you cannot also say that you won't make it harder. A lock that is not the hardest possible lock is next to useless and should rather be abolished. The neither one thing nor the other situation is a bit unsatisfying.