I'm a devops engineer (the responsability to make sure our dependencies check out ultimately fall on my shoulders) and I can't say I look at the code for all our dependencies.

Will I inspect less well used dependencies we have? Of course.

Will I audit the code base from EVERY dependencies we have (including foundational technologies like kubernetes, terraform, postgres, nodejs, python3, etc)? No, if I did that, I might as well change my title to "code inspector".

At some point, you need to use your common sense.

Even taking any consistency of character, moral, consideration out of the equation: In my case (and the case of most prolific people on github), I have a professional reputation to protect. Would I mess up a livelihood that I prepped up with an insane amount of unpaid work over almost 2 decades just so that I could hack random people's computers (something that wouldn't even be subtle given an open codebase)? It wouldn't make a whole lot of sense.

GOG are not going to maintain two different apps for the same purpose, and I think it's silly to expect that. Steam is the massive and dominant market leader, appealing even to people who just play simple card games or item finding games, and yet it doesn't feel the need to have a low impact client. It would just be a waste of resources for GOG to develop and maintain a separate app.

Again, the thing to argue for is a better GOG Galaxy. Less resource intensive on older hardware, full Linux compatibility, etc... improving that app is the way forward, not two different apps.

No. A lot of us do not want this games client.
Not even as a downloader.

And that is silly.

We hold different opinions on this subject, personally I don't see it as something silly. Now, I am unable to tell what maintaining two programs would have meant in the long run, but choice in this matter would have been welcomed. I somehow doubt a basic tool would have kept Galaxy from improving, or that it would have required a huge amount of resources.
Regarding Galaxy, its nowhere near Steam when you look at the overall picture, I believe many would agree with that.
I'd like to see a better Galaxy, but this sure is taking a lot of time.
I do agree with these points you mention - the issue is Galaxy needs a great deal of work and dedication. As of now it is resource intensive (at times even on modern hardware), it has a plethora of bugs, no Linux support and other shortcomings. In theory it sounds nice, in practice is something completely different. The road ahead is full of challenges for Galaxy and GOG.

It isn't, to some people Galaxy makes no sense since they find no use in it. One can easily get by without the need of a client, believe it or not.

This is very true. Been gaming on the computer since the 80's. I don't use launchers or downloaders. For this is the less stress free option as launchers/downloaders always seem to need troubleshooting to often.

I am one of those who suggested a Galaxy Lite.
I also did not ask for it to be a separate program.
It could easily be modular, where you enable or disable certain features.
However, it is not just the features that make it bloated, it appears to be the whole program from the ground up, so it needs a complete rethink.
My understanding is that Galaxy is masquerading as a web browser embedded in a GUI. I don't know all the details, but it isn't very well done (isn't optimized etc). It probably suffers from that nerd disease of tricks (being too clever) over common sense.

Indeed, but will they ever take the time to do that ... seems unlikely. I love GOG to a fair degree, but I am not blind to their many failings, and one of those is acceptance of things that just pass muster ... does the job, but not very well. Perhaps that is due to low staff, low skills, cost cutting measures or all of those things etc.

It goes further than that ;)

There are a lot of other applications that I have no use for. I can simply not install them, and forget about them.

Galaxy on the other hand is something a corporation is trying to force-feed me, going as far as betraying their "no DRM" founding principle when it can help them enticing us into installing their unwanted software. This qualifies it as a malware.

The vast majority of people enjoy the client experience and want a client, that's why GOG went the Galaxy route (while still offering offline installers for those who want them).

Would certainly be interesting to see some numbers regarding usage, enjoyment and desire.