The example of lgogdownloader was a good one. Do people go to GOG when they have problems with it? No, the go to the developers and that support thread. Somehow people aren't that dumb as you might assume and they can figure out whom to ask for help. I guess with bigger scale you might get more false expectations, but it should be a reason not to open the client.

Not saying they won't catch it, simply that it can cause unnecessary issues than can effect average joe... wasting supports time than can be better spent supporting there own product. Not to mention as I said before, giving out your source code makes it so much easier to compromise security and even can lead to theft of property if someone takes the source code and makes a client that they sell or pass off as there own creation.

Regardless what I think or you think doesn't matter, GOG will do what they think is best.

How do you know if people contact GOG support about that... just because people ask questions from the developers doesn't mean support doesn't get contacted about it. And yes I think we can agree Galaxy will be a larger scale when compared to GOG downloader.

This is nonsense. Opening code doesn't compromise any security. On the contrary, it gives more potential to improve it. May be you can elaborate on what you meant? Because as is, that statement doesn't make any sense.

How familiar are you with FLOSS licensing? What I am talking about here are legal issues. Not technical issues. The GPL (which id Software as an example has used for all their source code releases) is a so called copyleft license: https://www.gnu.org/copyleft/copyleft.html

Concretely this means that any libraries that a GPLed project uses must be under a GPL compatible license, this would include any libraries that the Galaxy client provides for games to make use of. That is a license that allows you to combine the code under it with GPL code(for example via linking) and distribute the resulting work under the GPL. See: https://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean

A (non-exhaustive) list of GPL compatible licenses are available here: https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses

FYI: https://en.wikipedia.org/wiki/Security_by_obscurity

I'm not familiar at all. That is why I'm asking.

So, again, can a GPL client connect to a non-GPL server? Or must both the client and server be GPL? Seeing how GPL browsers can connect to IIS servers, I assume that only the client libraries must be GPL, and one is free to use whichever version of said libraries he wants. Am I mistaken here?

Because like all things, when you have the source code it's easier to find vulnerabilities in the code... yes eventually this can lead to a more secure platform... but vulnerabilities are always shared around, so until fixed they make the platform more open and acceptable to vulnerabilities.

Not to mention, it can lead to other issue such as people releasing code they don't own, removing copyright or other things, removing code that is meant to stay intact by the licence or claiming they created something they didn't.

Look, right now, you're grasping on straws. The probability of people contacting support over an unofficial client, or even getting one, is very low. Simply put: The advantages outlined earlier in the thread far outweight a very small overhead for support, if there even is any (remember, a community as big as GOG's would probably take part in resolving bigger issues with the downloader, which would lead to less support tickets if GOG decides to incorporate the changes.)

That's nonsense. Read on 'Security trough obscurity'

So? For one, it's a free application. Second, it's extremely easy to tell these cases, and if GOG built their copyright properly, they can sue the crap out of such occurence.

Open sourcing such software works like this:
GOG writes an application and then makes it public. People may create so-called forks (or branches) of this application. Simply put, it means that they can take the current version of the application and make their own changes to it - after this occurs, you'll have an official GOG Galaxy and JMich's Galaxy - two separate applications, which just share parts of code.

Now if GOG opts to do so, they may freely decide whether or not they want to incorporate changes from JMich's application into the official one. So let's say JMich is annoyed that GOG Galaxy lacks strippers and blackjack, and modifies the GOG's client to contain those. Now GOG looks at that modification and thinks "It would be real cool if our client contained strippers and blackjack officially!", so, depending on how they build their copyright agreement, they can ask JMich if he's okay with joining his changes with their application - and if he is okay with that, they will get free work done for them. They can even build the copyright in such a way that they could officially incorporate changes without saying a word to the original author, altho that would be not cool.

So there. It's basically free development for GOG, and customers would be able to add their own requested features.

Almost.

Damn, I always get that reference wrong.

I don't care if they want to add strippers and blackjack, I want hookers and blackjack. Strippers are usually "Look, but don't touch"...

I never claimed it would be a big issue or that it doesn't have advantages. I just agree those advantages are worth doing that right now. Let the client get released, stable, and feature packed... before we think about this.


That doesn't change the fact... it just hands them the vulnerability on a silver plate rather than then discovering it.

Even free applications need to be protected. Legal action can sometimes be costly and in the long run not worth it in these matters... but that doesn't mean it doesn't have an effect a free product.

here is good example of it happening , i was looking into a slew of emulator apps on android specially paid ones and decided to look into one called md.emu.

It turns out the creator of the app took the other open source programs ,tied them together and sold the his own clone of the open source as paid app.
One of the emulator creator had to modify the license to prevent paid abuse
[url=http://ouyaforum.com/showthread.php?3122-Discover-MD-emu-(Sega-Genesis-Mega-Drive-emulator)-Robert-Broglia&p=36821&viewfull=1#post36821]http://ouyaforum.com/showthread.php?3122-Discover-MD-emu-(Sega-Genesis-Mega-Drive-emulator)-Robert-Broglia&p=36821&viewfull=1#post36821[/url]
i think gog should keep their client to themselves and seek improvements and suggestions from the community drm free is a huge ocean

here is the app created from open source stuff being sold https://play.google.com/store/apps/details?id=com.explusalpha.MdEmu

Why? Fans can help out with introducing and polishing those features.

You do realize sole focus of a hacker is to find such vulnerabilities in a closed-sourced software, right? If such issue is present, it will get found and exploited. This way, at least chances are fans of the service will find them first. As I said, if you want proper arguments, read on security trough obscurity. In IT world, it is widely recognized as a rather crappy way of securing your application, and guess what? Vast majority of security protocols are open-sourced. Take a guess why.

Your argument would only sort of kind of work if Origin, Steam and Uplay never got hacked. As it stands tho...

Oh sure, legal action can be costly and lengthy. Now do tell me: What use would anyone make out of client that's completely tied to GOG's servers and their service? As I said previously in the thread, GOG doesn't do anything new in the industry, so everyting they are implementing should be practically useless to anyone but GOG. And rewriting the application to suit another project would be more work than just using freely accessible resources to write it from the scratch. Even making a GOG client lookalike to steal private data would be easier to write as an entirely new thing.

Applies to you as well, liquidsnakehpks. What use would GOG client completely tied to GOG servers be to anyone outside of GOG? This line of reasoning just doesn't make a lot of sense. Not to mention the fact that even if somebody managed to snatch ALL THE STUFF, GOG client is an extension of their storefront, based on their popularity. It would be of no use without these components.

Just... What you guys are putting at display is the irrational fear of open sourced software that I was speaking of earlier. You don't actually have many strong arguments and I would dare to say that you don't actually understand or watch the issue very closely, you just dislike it.

Its not that hard to run servers that mirror like gog servers, the point is open source isn't exactly 100% simple, honest and secure as you mention it to be . From what i have seen in the last few pages there are like 3 people who want it to be open source.

Anyone with a different intention can make improper use of the code and get away with it.

i am sure gog will make the right choice