MrL0G1C の投稿を引用：

TremorPV の投稿を引用：

Development would probably go faster with more people working on it, with Valve controlling what actualy makes it into the updates.

Yeah, a bunch of people not understanding what they're talking about replying here.

... the "whoosh" you heard was the irony going over your head.

You haven't got a clue what you're talking about, so much nonsense, all easily proven to be completely wrong by reality itself, go learn about software and computers and networks and severs.

Let's put it this way: name one open source Anti Virus program.

@MrL0G1C
Sounds like a great idea, can't wait to see screenshot posts of people showing "So I got this message from Valve on the chat about this Valve admin doing X and Y"

If Valve makes it open source there opening the chance of someone finding a way to put messages on it, there opening the way for much more stuff
So no its a horrible idea to open something that is part of the client itself, part of what users overall see as safe

cinedine の投稿を引用：

Let's put it this way: name one open source Anti Virus program.

Not a good pick, Antivirus many times is a scanner for known issues, that we got open source, Its not made to block hackers anyway just to find known virus

/leaving, too much https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

MrL0G1C の投稿を引用：

/leaving, too much https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

That does not answer anyone and anything said, that is what people say when they got no answer
Honestly mate expected more from you spasficlly :(

MrL0G1C の投稿を引用：

You haven't got a clue what you're talking about, so much nonsense, all easily proven to be completely wrong by reality itself, go learn about software and computers and networks and severs.

A little knowledge is a dangerous thing. Unfortunately, you seem well versed in the theory of how it could be implemented but not the practicalties and legal ramifications for a large scale data intensive business using open source security. Please go and calm down before you post again.

MrL0G1C の投稿を引用：

/leaving, too much https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

Oh, the irony...

Brujeira の投稿を引用：

We read it. We understood it.

Clearly you did not, because someone who reads and understands the implications of the suggestion wouldn't make the comments that were made.

Brujeira の投稿を引用：

There's only one thing that commenters seem to agree on with the new client and that's that they all want different things from it. So that's what people will demand - different clients. Cathulhu's comment stands.

That's not how Git works. That's not how open source software development works.

Brujeira の投稿を引用：

Have you ever seen a program that handles sensitive information be open source? Can't say I have. Cinedine's comment stands.

Linux, an operating system used in the Enterprise as the backbone of most of the IT world, is entirely open source. Apache, the web server that is most dominant on the internet, is open source.

https://philanthropynewsdigest.org/news/gates-foundation-releases-open-source-financial-payments-software

You don't understand my suggestion.

Also, it's a chat client. What "sensitive information" is it handling? Discord is on Github if you consider your communications "sensitive".

Brujeira の投稿を引用：

Valve's accepted code would be open source and publicly viewable. Cue a hacking arms race between whitehat and blackhat nerds both trying to find possible exploits first. My point stands.

Any questions?

Yeah. Could you stop replying and wasting my time?

cinedine の投稿を引用：

The chat client.
The thing that is fully integrated within the client farmework and relies heavily on other modules like the friendslist, account settings, and notification system.

Except it's not because it now uses Electron like Discord does. Try dragging and dropping inventory items into the new chat like you could the old one. You can't. Because in many ways, the new chat is separate from the other features the Steam Client offers because all the other feature are old and it wasn't built for some of them apparently.

And being able to interact with those features doesn't mean access to your account information.

Brujeira の投稿を引用：

Take a deep breath and relax. You know full well that chat is one of the main conduits that scumbags use to send malicious links in order to hijack accounts and cause other more general miseries. It needs to be kept as secure as possible - legal and technical responsibility for that rests completely and solely with Valve... and that's where it's going to stay bceause that's where it needs to stay.

Again, you should probably stop replying, because you don't understand the implications or nature of my suggestion.

Leave room for actual constructive conversation please. Your opinion has been represented.

Black Blade の投稿を引用：

cinedine の投稿を引用：

Let's put it this way: name one open source Anti Virus program.

Not a good pick, Antivirus many times is a scanner for known issues, that we got open source, Its not made to block hackers anyway just to find known virus

Fair point.
Although the heuristics was more what I though about. There actually was one that also got distirubted with Linux distros, but its recognition was terrible and it was unable of real time protection.

TremorPV の投稿を引用：

snip

And that's a sales pitch. Seriously, that's what it came over as. And no, If you're not going to bother addressing our concerns than I'll just have to discount some more of your assertions.

"That's not how Git works. That's not how open source software development works."

Not really relevant. What's driving this whole mess? People aren't happy with the chat client because it's not exactly how they want it. They want it their way and won't settle for anything less.

"Linux, an operating system used in the Enterprise as the backbone of most of the IT world, is entirely open source. Apache, the web server that is most dominant on the internet, is open source. "

... and protected by commercial security software. What was your point again? As for the link, do you actually see any banks using that in the era of GDPR? No, thought not. Also...

"Also, it's a chat client. What "sensitive information" is it handling? Discord is on Github if you consider your communications "sensitive"."

Any sensitive info that a user would put into it - yes, some people actually do that. That info goes through Valve's servers and they have legal responsibilities there that Discord don't.

"Except it's not because it now uses Electron like Discord does. Try dragging and dropping inventory items into the new chat like you could the old one. You can't. Because in many ways, the new chat is separate from the other features the Steam Client offers because all the other feature are old and it wasn't built for some of them apparently.

And being able to interact with those features doesn't mean access to your account information."

But not completely separated as it's running in the same memory space. Besides, that in itself is completely irrelevant as any interaction with a chat client that is for users of one particular service will leave one gaping security hole right at its very heart...

... the user themselves as security failings are usually a PEBCAK problem.

The punchline is that everything I've just written is completely irrelevant too. Why? GDPR. Valve are solely resonsible for ensuring the security of the chat client - integrated or standalone - because they have sole ownership of the servers and everything that entails. You don't honestly see them being allowed to open source any part of the software that connects to those servers, do you?

TremorPV の投稿を引用：

cinedine の投稿を引用：

The chat client.
The thing that is fully integrated within the client farmework and relies heavily on other modules like the friendslist, account settings, and notification system.

Except it's not because it now uses Electron like Discord does. Try dragging and dropping inventory items into the new chat like you could the old one. You can't. Because in many ways, the new chat is separate from the other features the Steam Client offers because all the other feature are old and it wasn't built for some of them apparently.

And being able to interact with those features doesn't mean access to your account information.

I'm not talking about your account information.
I'm talking about the integration. Access to the internal interfaces and the rest of the proprietary code.

If you can figure out to send a Steam notification, hackers would love this. What do you trust more? A comment under your screenshot or a notification telling you you are banned followed by a chat message sending you a trade link to a "Steam Administrator".
If it really uses Electron, this is even worse as there is (was) a big problem with XSS.

Being OpenSource doesn't make stuff better. And it certainly doesn't make stuff more secure. Remember Heartbleed that affected OpenSSL? After its reveal the codebase was put under scrutiny and several other major security issues have been fixed as a result.

Brujeira の投稿を引用：

Valve are solely resonsible for ensuring the security of the chat client - integrated or standalone - because they have sole ownership of the servers and everything that entails. You don't honestly see them being allowed to open source any part of the software that connects to those servers, do you?

You don't understand my suggestion or its implications, how open source software development works, or how GDPR applies to companies in terms of managing software that handles client information.

Please stop wasting my time, and leave room for constructive conversation.

cinedine の投稿を引用：

I'm talking about the integration. Access to the internal interfaces and the rest of the proprietary code.

If you can figure out to send a Steam notification, hackers would love this. What do you trust more? A comment under your screenshot or a notification telling you you are banned followed by a chat message sending you a trade link to a "Steam Administrator".
If it really uses Electron, this is even worse as there is (was) a big problem with XSS.

Being OpenSource doesn't make stuff better. And it certainly doesn't make stuff more secure. Remember Heartbleed that affected OpenSSL? After its reveal the codebase was put under scrutiny and several other major security issues have been fixed as a result.

There are already tools that do exactly that. Guarding interaction with those things is pointless.

You first say being Open Source doesn't make it inherently better, then go on to point out a major pro of Open Source software where it in fact made something better.

?

TremorPV の投稿を引用：

Brujeira の投稿を引用：

Valve are solely resonsible for ensuring the security of the chat client - integrated or standalone - because they have sole ownership of the servers and everything that entails. You don't honestly see them being allowed to open source any part of the software that connects to those servers, do you?

You don't understand my suggestion or its implications, how open source software development works, or how GDPR applies to companies in terms of managing software that handles client information.

Please stop wasting my time, and leave room for constructive conversation.

Then I'll refer you to Cinedine's post above this one which you'll also no doubt rubbish as it doesn't conform to your opinion.

TremorPV の投稿を引用：

[You first say being Open Source doesn't make it inherently better, then go on to point out a major pro of Open Source software where it in fact made something better.

?

Woah woah woah there... you're not talking about the Heartbleed mess there are you? You think being open source helped purely because lots of eyes descended on the code and found more problems with it? Read this... and don't come back until you have!

https://en.wikipedia.org/wiki/Heartbleed#Root_causes,_possible_lessons,_and_reactions