Antivirus programs are way too inaccurate to be used authoritatively, especially for developers. It’s not uncommon that some virus will use a well-known open source library or packaging tool, and then the antivirus decides that any binary with that same library or stub from that packaging tool must also be a virus. When your program depends on it, if you can’t turn the AV off or make an exception, you’re just fucked. Also, programming is an iterative process. Make a small change, test, repeat. Requiring that developers upload and wait for a scan from some third party for software that they compiled locally and have no intent to distribute is a giant waste of everybody’s time, especially the developer’s. It’s a huge drag on productivity for the sake of bureaucracy.
Antivirus programs are way too inaccurate to be used authoritatively, especially for developers. It’s not uncommon that some virus will use a well-known open source library or packaging tool, and then the antivirus decides that any binary with that same library or stub from that packaging tool must also be a virus. When your program depends on it, if you can’t turn the AV off or make an exception, you’re just fucked. Also, programming is an iterative process. Make a small change, test, repeat. Requiring that developers upload and wait for a scan from some third party for software that they compiled locally and have no intent to distribute is a giant waste of everybody’s time, especially the developer’s. It’s a huge drag on productivity for the sake of bureaucracy.
I’m quite sure the guy above is not talking about devtest environment, but production deployments…