Chris Helck wrote:
Could you clarify the security requirement? It sounds like you don't want
unverified jars entering the development space. Is this correct?
That is essentially correct.
-
To unsubscribe, e-mail: users-unsu
ou are stuck with a completely manual process that will be
>> bureaucratic regardless of the existence of a tool or not. It simply isn't
>> practical to try and pull down all 80gb of central and every other repo you
>> might ever want and then hide in a corner hoping you
adeofh...@gmail.com
> To: users@maven.apache.org
> Subject: Re: Maven for the internet afraid
>
> We envision a process where we periodically reevaluate our needs,
> gathering all artifacts we'll use until the next assessment.
>
> In summary, that is simply impractic
ver want and then hide in a
corner hoping you never need something more. It has to be a balanced approach.
-Original Message-
From: Merv Green [mailto:paradeofh...@gmail.com]
Sent: Sunday, February 01, 2009 2:14 PM
To: Maven Users List
Subject: Re: Maven for the internet afraid
I need to clar
> want and then hide in a corner hoping you never need something more. It has
> to be a balanced approach.
>
> -Original Message-----
> From: Merv Green [mailto:paradeofh...@gmail.com]
> Sent: Sunday, February 01, 2009 2:14 PM
> To: Maven Users List
> Subject: Re: Maven for th
repo you might ever want and then hide in a
corner hoping you never need something more. It has to be a balanced approach.
-Original Message-
From: Merv Green [mailto:paradeofh...@gmail.com]
Sent: Sunday, February 01, 2009 2:14 PM
To: Maven Users List
Subject: Re: Maven for the internet
I need to clarify my question.
The security people at my company certainly want the finest-grained
control possible over artifacts, that is, an ask-first model where they
approve each individually. I don't question that we can force Maven into
this mindset, but whether we can do so without sig
In short, two handy URLs:
http://books.sonatype.com/nexus-book/reference/procure.html
http://blogs.sonatype.com/people/2009/01/nexus-professional-what-is-procurement/
Hope helps,
~t~
On Sat, Jan 31, 2009 at 9:36 PM, Merv Green wrote:
> So, in my quest to take Maven completely internal, I'm st
So, in my quest to take Maven completely internal, I'm still grappling
with a couple of use cases:
1. Gathering plugin dependencies
We have some list of approved plugins we somehow decide we need. For
each, we want to populate our repo with any artifacts those plugins
might require in use.
That's one reason why I run Nexus locally when I travel, because the
offline mode breaks lots of plugins.
-Original Message-
From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Friday, January 30, 2009 10:28 PM
To: users@maven.apache.org
Subject: RE: Maven for the internet a
ssion.
> Subject: RE: Maven for the internet afraid
> Date: Fri, 30 Jan 2009 22:04:36 -0500
> From: bri...@reply.infinity.nu
> To: users@maven.apache.org
>
> This use case was exactly what the Procurement in Nexus was designed to
> support. It allows you to definitively con
This use case was exactly what the Procurement in Nexus was designed to
support. It allows you to definitively control the artifacts used by
your builds. The only alternative is to manage it my hand, which is
labor intensive and error prone.
http://www.sonatype.com/products/nexus
-Original Me
On Thu, Jan 29, 2009 at 9:27 PM, Merv Green wrote:
> Asking this embarrasses me, but must be done.
>
> I work for a company where the internet terrifies Them. They want to use
> Maven, but they think it should never go online, so they want a locked down
> internal repository containing whatever a
13 matches
Mail list logo
