Originally Posted by Ankh
IMHO, they have no choice. They have to listen to community, and address the issues, or risk facing a competition with open source replacement. THAT is a losing battle. In the long run, that "community noise" associated with OSS development beats the living hell out of resources that any company can throw at the maintenance of their software, and some crappy OSS designs have a tendency of reinventing and endlessly fixing themselves until they can do what is needed.
The competition from the open source community would attract a handful of users who have a technical bent to start with. I am guessing that this type of customer is less likely to buy from Kobo's book store simply because they have the knowledge necessary to obtain books from third parties (may that be DRMed ePubs, DRM-free books, or DRMed books in other formats with the DRM removed). Those who would purchase books from Kobo's store would also know that they need to obtain ePubs, and how to use that ePub with the DRM intact or removed. In other words, I don't see this making much of a difference to Kobo's bottom line.
I also wonder where the "vulnerable to hacking" comment comes from. There are various degrees of protection on devices that use open source software. Something like a Kobo is easy to hack because the development tools are widely available (yes, that can be attributed to the open source bit) and because opening up the device to third party software involves a modified initialization script (which Kobo has made no effort to prevent from happening). The situation with the similarly open sourced Android is somewhat different. Yes, the development environment is there. On the other hand, portions of that development environment were developed by Google and are open source only because Google decided to make it open source. Depending upon the Android device, the ability to modify the system ranges from easy to the necessity to root the device. Unlike Kobo, rooting an Android device is non-trivial.
Products from closed source vendors aren't necessarily better protected. The difficulty in gaining low level access to the device depends upon the vendor. Some vendors are open about how to do this, others rely exclusively upon obscurity, and many create more robust mechanisms to protect the system. Once you're into the device, the ability to modify it also depends upon the vendor. The availability of development tools will be limited if they are using custom parts. Yet many devices use off the shelf components, for which commercial or open source development tools already exist. Documentation is also a concern. Again, that will depend upon the vendor. Some vendors are fairly open while others are very much closed.
At the end of the day, most devices that depend upon open source code will be somewhat easier to modify. I will suggest that is solely because open source devices are better understood than their closed counterparts. Yet it isn't always true, since some closed systems are very well understood (e.g. Windows). Suggesting that open source makes a device "vulnerable" and implying that closed source makes a device non-vulnerable is misleading at best.