Comment by philipwhiuk

1 year ago

This is all a pitch to run Emerge tools in the CI/CD process.

So from Santander’s side:

Introduce a third-party dependency

* that has to go through the appropriate auditing

* that adds a supply chain attack vector

* that likely slows down internal development by adding an extra step to the build process (no, you can’t just do it on release builds; that would be crazy)

* with an added cost

All for something most likely no customer (or statistically no customer) ever complains about.

Yes, the thing that people who ship 600 MiB apps have in common is an extreme attention to detail in their "software supply chain".

But they can fix the issues that are bloating the app without those tools now that they know about them. Plus, it would be possible to figure most of this out just by looking casually at the size and structure of the IPA they're uploading for distribution.

  • > Plus, it would be possible to figure most of this out just by looking casually at the size and structure of the IPA they're uploading for distribution.

    Which they'd probably do if a statistically significant number of people cared.

> This is all a pitch to run Emerge tools in the CI/CD process.

True. But still very educational about the current state of computing.