Except the code is right there under your nose, and you can clearly see everything it does... you like it? use it. you don't? either modify it, or don't use it, you can always manually add games to the frontend, it's not that the plugins are mandatory

At the end of the day, if the platforms on the other end of the integration won't offer official support, then how can GOG offer official support?
The other stores could brake compatibility at any time, for whatever reason, and since they offer no support, they would not be required to fix anything, which will instead be GOG's sole responsability... not going to happen

It's like offering official Win 95 support when Microsoft have dropped it aeons ago... words have meaning, and labelling something "official" carries some specific weight

Apparently that they will not do this. I wanted to add Witcher 3 GOTY from Steam to GOG. Installed GOG Galaxy 2.0. Went to integration, saw that nice LOGIN window that required me to enter my Steam login data...

And was like "im out". No way that i will enter my Steam credentials in some unofficial github plugin. Even worse, in the web-browser window without address bar.

These GOG developers, what are they thinking about? Rely on "FriendsOfGalaxy" until some hack or data breach hits them really hard?

One of the major official features and its half-assed. This is some next level of software development i must say.

Look, people, they have to show how awesome they are, by giving away Witcher 3 once you connect platform(s) where you played. And looking cool in social media as well. And they also have PRIORITIES by importing GWENT on STEAM. Hope it clarifies everything.

I will just grab that freebie Witcher 3 game and uninstall it. The big advertisement of the client, the connection of all platforms, is destroyed once you realise it's done by 3rd-party people. And their OFFICIAL integration is XBOX ONE, not STEAM, the biggest PC platform. Whoever thought that in the board room, should have been kicked and ridiculed out of the room.

And another cool feature they had was GOG Connect, which got thrown out of the window.

Once Cyberpunk 2077 is released, it will be a huge sh*tstorm for GOG Galaxy 2.0.

You can install any "community" plugins you want for the platform from any source.

However, the Github integration exclusively relies on FriendsOfGalaxy repositories.

So I would say, for GOG's liability for the plugins:

1) GoG lists some community plugins as "recommended".
2) The FriendsOfGalaxy Github repositories are hard-coded into Galaxy. The user does not have to enable them or opt-in, and in fact, there is no way to opt-out.
3) You can't add any additional Github repositories as sources. You can add additional plugins manually, but you can't use Galaxy's built-in functionality to search for or install them.
4) Galaxy provides no indication as to where the integrations come from. There is no link to the Github repositories. The only way to discover it is to look at the manifests in the plugin directory.

I understand and appreciate what GOG is trying to do. Users want integrations. Platform lock-in sucks. We should have robust data ownership rights that let us access our data on these various platforms freely, without having to use web scrapers or reverse-engineering. But we don't live in that world.

It does appear there is a review process being performed by FriendsOfGalaxy, before it commits changes from the source repo to its forks. And I do believe they have good intentions. But they could miss something, and so it is a security risk.

But there is a level of trust given to FriendsOfGalaxy by GOG, because they are willing to hard-code the FriendsOfGalaxy repositories into the GOG client. If GOG really wants to say "we're not on the hook for this" they should make the Github integration opt-in, rather than providing it by default. They could say "here is the #1 community source for plugins github.com/FriendsOfGalaxy" and let the user choose it. But I understand GOG wants to give users what they want, which is hassle-free integrations. They are trying to walk a fine line in a legal environment hostile to users' choice and control of their own data.

No they don't. The integrations in the FriendsOfGalaxy repo never see your credentials, they use the API's of the different platforms, thats why they open a webpage to the official login pages of the service you are linking. Stop fearmongering if you know nothing about the API's of the platforms. GOG does not and can not maintain plugins for all the hundreds of gaming platforms, an open API is the only feasible way to do this.

If it is in the FriendsOfGalaxy repo you can assume it is safe, if you find a plugin somewhere else use common sense. This entire thread is full of people who have no idea how these platforms work holy shit.

Is that true for Steam though - the biggest of all and the most important ? Cause the new window does not look at all like the Steam official log in not to mention it has the gog logo in it. I tried all other intergrations and indeed they lead you to these places official log ins. But Steam seems to be handled differently for some reason. There is more info on github. Could you comment on this one as someone who seems to know a bit more about APIs ?

Steam works differently since it actually has a api, EA origin doesn't have a API at all so you have to log in basically normally, while API lets you get around and do few more things then a normal login
even steam allows you to see how and and teaches you what does what https://steamcommunity.com/dev

as for third party staff some of them are really hard core into gog and drm free as well some of the staff and galaxy integration or most work together even though they work on there own projects

people don't see these because there not using the forums, they use chat rooms
also 500KB upload limit for gog...
https://imgur.com/39kMi5C

it's inpossible to upload to gog even cutting the picture in half and using PNG


also edit just noticed i necroed this thread, it's really annoying when i do that since no one hardly chats in the forums so the top thread can be from 2 weeks ago...

It is safe in terms of passwords to integrate the platforms with community plugins?

I have no idea, but I think is an important question.

Wholeheartedly agreed.
Saying you don't support the feature you base your marketing around is completely dishonest.

"Holy shit" indeed.
If it is in the FriendsOfGalaxy repos (plural), you can assume it is unmaintained. See the Ubisoft integration. With no way of redirecting Galaxy to some other repo that I trust. Single points of failure are ALWAYS a bad idea.