They are giving the client away for free tho. That's kind of the point. I'm still waiting for actual argumentation against open-sourcing the client, because so far, there wasn't any troughout the entire thread.

All right, then I'm saying that humble guys made a mistake there.

That's nice and all, but GOG is not writing a revolutionary piece of software. On the contrary, they're working on code which is already implemented over and over in non-gaming related software and is availible freely. Let's not act as if GOG's code was something that companies are standing in line to get - it's really, really not. On the contrary, I'd be very surprised if GOG themselves didn't use code from other software or web resources.

Just to note I'm not against it, Heck I'm all for anything that gives the customer more options.

I just think that particular argument for it was laughable since it can be used for anything. It's alright to say you simply want it, as a customer you don't need any deeper reasoning. You just need to show (with threads like this one, of course) that the 'demand' part of 'supply and demand' is there.

timppu, companies in general are irrational. They don't have perfect knowledge far from it. Many many many business decisions in the gaming industry are completely stupid and irrational and based fallacious reasoning at best. Humans are flawed and there are zero reasons to think that company executives are any different.

On another note there are NO disadvantages for GOG's customers if they open source Galaxy and/or open up its protocols and API's.

Edit:

Another reason for open sourcing: So that games and source ports under the GPL can make use of the functionality related to achievements, multiplayer matchmaking etc.

An open source client or at least protocol would be a good thing imo, and would make GOG seem even more open and DRM Free as it is now.

There are a couple reasons the security argument (all bugs are shallow) is bunk, both of which were evidenced with the heartbleed vulnerability.

a) Just because the code is open doesn't mean benevolent outside experts are actually auditing it. Open source projects without corporate backing struggle to find enough even semi-competent outside help. Most software developers don't spend their free time reading code that they are not paid to read beyond their own pet projects.

b) When a security problem exists in open source software, the black hats will know exactly how to exploit the flaw as soon as the code is released, which must be as soon as the binaries are generally available. This means that everyone who doesn't patch the moment a new version is released (or even before that if development is done in the open as well) are vulnerable.

I say all this despite being a Linux user and an open source contributor.

All that said, opening the protocol could have more benefits.

For one it would force GOG to seriously consider security at the protocol level and not rely on trusting the client.
For a second, if/when people do develop alternate clients, it would break up the monoculture and make the cost of a vulnerability in any particular client substantially less.

As someone who usually supports open source... I can't here. I would much rather GOG keep all GOG gamers on the same level, then a butch of people having access to the code and changing Galaxy and dividing the community.

How do you propose that would happen? If anything, colaborating on the software would make the community even tighter.

Oh definitely, relying purely on community for security review would be an extremely dumb move. Nonetheless, releasing the source can't really hurt, especially since we're talking a free application here.

Dividing the community in the sense that some would be running modified software if given access to the code and other would be running the original client... I would prefer everyone being on the same page, with popular software by a big company... this just works better.

Open Source is great, but one only needs to look at open source projects like Linux to see open source has drawbacks.

Chances are the two of us are using a different browser. Are we not talking now?

Nobody said anything about crowdsourced development, we just ask for GOG to release source of their software. If GOG then accepts changes from community or not is entirely up to them.

That's irrelevant to what I said. Browsers are designed by different companies to accomplish the same task. Each of the companies are responsible for the security and support of there browser. While GOG would not technically be responsible for the support of modified software, there would be no doubt headaches and confusion among the less technical GOG users who don't understand they got a modified GOG client that may or may not do everything the original client does and that said clients would receive the same updates unless the community integrates the new changes. All questions will end up at GOG's doorstep as the original creator. Just creates a butch of un-needed disparity between GOG users and the clients there using. I would personally rather not see that as I said.

Closed platforms have advantages over open source ones... same as open source has advantages over close platforms... in this case I would rather the platform remain closed.

I was talking about it terms of support and security.

What does it have to do with the subject of the thread? We aren't talking about games (GOG has no control over them, it's up to developers how to price them). We are talking about the Galaxy client which GOG develop.

Why such paranoia about sharing your development code? Those competitors can even contribute to the client (surprise!) becoming collaborators in the project. Closed source mentality often can't grasp this simple idea. And as I said, it's not like GOG is selling the client and scared that competitors will take it for free.

I guess your example would be Jolla. They were criticized actually for promising to release their Sailfish OS as open source and failing to deliver.

The fear of fragmentation is false here. So what if others would run a modified client? If those modifications are good for users, it can encourage GOG to accept them in their own version. And if they decide not to, users can run the alternative. It's good, not bad for users. If some users won't like other version, they can always take the GOG one. Bad quality forks die out quickly in the open source world. Such kind of irrational fear of forks simply has no basis.

My guess would be that he assumes the authentication code will be on the client instead of the server, thus a little easier to bypass. If the server does the checking and returns a 403 for unauthorized users, this is (obviously) irrelevant.

Why would authentication code be on the client? That doesn't make any sense. Client should only accept credentials and deliver them to the server authentication. It's irrelevant what kind of client that would be as long as it will follow the protocol. I doubt it's even possible to do such thing on the client, unless you duplicate the full database of users on it. Again, it doesn't make sense.

Don't ask me. I'm just posting a theory of what another user may have meant. The reason I think that's the misconception he has is mostly due to the fact that if you have the source code for a check, it's easier to bypass said check than if you haven't, so most people assume that having access to source code gives you a free pass on any such checks.
That is obviously not the case.

I guess that could be a misconception. But if that's the case, people have bad understanding of security. Security by obscurity is never a true security.