I made a rule to never pre-order after SimCity 5. I broke that rule when I saw the price of skylines, the small dev team that was producing it, and the support they wanted to put in for modders.

Do you think $30 is cheap or expensive? I, for one, think it's exactly the right price.

I'd say it's a bit cheap. I'd expect something like this to start out at $50-60 at initial release.

EA is still selling Sim City 4 for $20, despite it being old enough to be in middle school by now.

I'd say it's a bit on the cheap side when you are talking full retail pricing. It executes well on its premise, has good polish and has no major issues that I've run into at release. That's better than most games asking for $50+ these days. And yet, it's priced at a discount.

He thinks it is cheap. He would be willing to pay around $80.

Skylines is showing at £29.99 (equiv of $46) on greenmangaming for me atm...

If you click on the link VIP and sign up for an account, the standard edition is $21.89

Yeah over 10k mods in the first week.. Crazy!

I think skylines mods are non-sandboxed (meaning you can do what you want code-wise, note the mod that adds reddit posts to your game internal chirper) that would concern me from a malware perspective

it is nice to see that they post hash values of what was audited, but how do I prevent the steam client from automatically updating the mods I have to a newer non-audited version? how can you compute a checksum of the module before downloading it? it seems the steam client only allows you to 'subscribe' to a mod, not to download/check/install it

They are non-sandboxed but most are open source.

Additionally, there are so many users testing these mods that I doubt any serious malware could be put on Steam without being caught by the community.

assume I have a "good" mod, lots of people download it, which as far as I understand is a "subscription" in steam workshop terms, somebody breaks into my account and uploads a malicious update, now everybody will download the malicious update instead: unless there was a way to tie a code audit to a specific module that you download it seems like this would still be risky

That's a risk you take running any program that isn't sandboxed. I don't see how mods through Steam are any different. Until any popular mod is found to be malicious I don't think it's worth getting paranoid about.

mods that cannot initiate network connections or the local filesystem are not that much of a concern, but running an arbitrary C# program as your local user to me is a significantly different use-case, I think the steam workshop should integrate a checksum approval process where a user can decide for each individual update if they want to install or not.

I personally have bought skylines and find it great, but I am really wary about downloading mods for it as things stand now unfortunately.