[snapcaster]

I think something like professional licenses are easy to see benefits of but really hard to see the downsides. How many wonderful things _wont_ be created when you start gatekeeping something? Maybe it is worth it but it's not some free win

[prmoustache]

Mandating a professional license for hairdressers to work professionally does not prevent you from cutting your partner/friends/family hair as long as you don't ask any money in return.

[Aurornis]

> easy to see benefits of but really hard to see the downsides

I think like most hypothetical discussions, the commenters proposing these ideas aren’t interested in practical versions of the idea with tradeoffs. They imagine a perfect version of it in their minds with no downsides that accomplishes everything they want.

The demand for professional licensure doesn’t even make sense in this context. Is professional licensing supposed to stop developers from naming their packages names that LLMs produce? Is it going to force the package repos to check that everyone has a professional license before submitting packages from the United States (or other countries with licensure)? Can it be worked around by changing your country in the drop-down box to a country that doesn’t have licensing?

The calls for software licensure never seem to take into account the global nature of the Internet and software development.

[8n4vidtmkvmk]

Yes. If they nefariously typosquat, that could be grounds for losing your license.

Adding a link to your verified license in your package.json or personal website so that installers can check that the author of the package they are using does have a license sounds perfectly fine.

Proving you reside or are licensed in some country before you can publish to that countries repository sounds very doable too.

We don't even have to do this perfectly. It's not about preventing people from skirting the system, it's about giving users and developers the option to install from only verified sources.

Would you rather get heart surgery from a licensed doctor or an unlicensed one? What if both existed where you live? I'd probably ask to see their license before going through with it.

[Invictus0]

Like I said, the license should be for handling sensitive data. You're free to make doodle jump if you like.

[snapcaster]

I just don't like when comments on things like this don't engage with the downsides. Gatekeeping isn't "free" or strictly better

[Invictus0]

The status quo is that anyone can make an application that leaks a million drivers licenses, with no oversight, penalty, or restrictions whatsoever. This is good?

If hairdressers have to take time to learn how to not cut people's ears off, people publishing applications should have to learn basic security practices. I think you will find that no one finds this controversial. And yet, we are moving to a world where AI is making it easier than ever for an army of vibe coders to make apps without knowing the literal first thing about security.

[8n4vidtmkvmk]

I'm thinking about this selfishly. I'd have to go and take a test. But my employer would probably pay for it. Maybe if I wasn't already employed, it'd be on my own dime, but even that isn't too unlike the school I've already paid for. And I'm sure I'd pass the test. As long as I don't have to recertify too frequently, it probably wouldn't be awful. And also selfishly, if it keeps some riffraft out, I wouldn't hate that either.

I guess my biggest concern, with parallels to that time I sold life insurance, is that they test for one thing and then in practice you do a different thing. I hear the same is true for realtors. So.. it becomes an exercise in memorizing some BS that you won't use again after the test. If we do this, the software engineering test would need to be updated at least annually, and better be written by some well respected security researchers.

[vincnetas]

no one is prohibiting hackers from hacking. i do my haircut at home without any licenses. what you need license for is to provide services to other people for money.