> But if the 'grunts' had the power to say 'no, I will not do this because it is insecure and my license is on the line' then that's a good thing. No?
This will never work in a global economy. If you outsource the software you're just begging companies to find someone making $15 the fall guy.
Sounds pretty bad. Your manager tells you to do something stupid or you're fired. You do so, and when it fails they blame you and your software engineering license is revoked. You can't find a job and now get to live in a homeless shelter.
Meaningful fines for companies are the only way to fix this.
Maybe... For some sensitive things like location data an expensive permit should be required. But this needs to be a corporate responsibility, not an individual one.
In your scenario bad companies are going to ruin the lives of their employees by making them risk their licenses.
Arguably this whole thing wouldn't happen if these apps were distributed and updated via the OSX app store. If that's the future you want, it's largely already here.
You can check a setting in OSX to make it so.
Who decides what software to regulate? Do I need a permit to install Python?
I don't want to regulate software. I want people to have something to lose if they make a decision that has a large impact.
> Arguably this whole thing wouldn't happen if these apps were distributed and updated via the OSX app store. If that's the future you want, it's largely already here.
I don't understand this point.
> Who decides what software to regulate?
Who decides any laws or regulations?
> Do I need a permit to install Python?
Does you installing Python have potential consequences for large numbers of people or could it cause a significant amount of harm?
Why do you take the most extreme possible position and apply it to me? Is it that difficult to argue against a sensible one?
> Arguably this whole thing wouldn't happen if these apps were distributed and updated via the OSX app store. If that's the future you want, it's largely already here.
I don't understand this point.
The core of this issue is an insecure updating mechanism for desktop apps. You can argue for security's sake, users may opt to only use the official Apple app store or the official Microsoft store. In this case instead of having a random startup manage the update process, you have a couple of multibillion-dollar companies.
I'm trying to figure out what exactly you want to happen here. Would you essentially make it illegal to distribute software without a permit? Would distributing certain software require a permit?
I am expressing long-held frustration that software engineering as a culture is trying to eat its cake and still have it. Wanting to be called an engineer, demanding a high salary and running the largest sections of the economy and disrupting society in highly impactful ways, yet whenever someone asks them to take responsibility for any damage caused they downplay their role and anyone else's in the industry. It is time to grow up. If you make a decision to make more money or do less work, knowing that it has a risk to cause major problems for infrastructure, economy, or other people, then there should be something more on the line for you than an 'oopsie' at the end of it if you lose that bet.
If you want to run your company using vetted software and limit your developers to only use a small list of approved software, you can do that. I've worked in such environments. You can lock down the corporate firewall. The point is choice.
It's completely different if you basically want a regulatory agency which will decide what software people are allowed to build.
Outside of work I like to use niche Linux distros. If I accidentally wipe my vacation photos during the install process, that's a risk I took. I don't have a right to complain that I destroyed my own data and blame it on software largely built by volunteers.
However I don't disagree completely. If you want to build a hardened fork of Linux with software vetted by your private certifying authority, that could be a good market. If all engineers working on your custom fork need to be "licensed" by a privately run organization, that is also fine.
What exactly is the difference between an official 'private' organization and an official 'state' organization? The only real difference I can see is that one can actually enforce the rules it makes. I think you may be using this ideological opposition to the State as a way to have something absorb blame for things you do not want to attribute to complex human mechanisms.