One problem I see with restricting repository access is that even Maven plugins attempt to download their dependencies from the web. It can be from ibiblio or elsewhere.
What about writing a shell wrapper or something that would take care that nothing apart from the allowed repository is connected when running Maven? Or even patch the Maven sources and do a custom build. How to do that I don't know though...


Regards.

Milos Kleint

Courtney, Craig wrote:

That could work but adds too much responsibility to the centralized body.  Their job is 
only to approve external libraries for use not control your entire project.  If only 
they could change the project.xml they would have to be involved in adding new 
packages inside the project, maintaining internal releases, etc.

Craig

-----Original Message-----
From: Ryan Sonnek [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 26, 2004 10:06 AM
To: Maven Users List
Subject: RE: Is there a way to separate maven's repository from my
repository?


Wouldn't the easiest solution be to lock down the project.xml to only be modified by "approved" personnel?

-----Original Message-----
From: Courtney, Craig [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 26, 2004 8:57 AM
To: Maven Users List
Subject: RE: Is there a way to separate maven's repository from my
repository?


I realize that someone can always circumvent any measures put in place. The point is to put in place a certification process, and make it difficult to go outside the process. I will only make available code (internal and external) that has passed this process in my repository. I don't want any chance of a non-certified version being "pulled" down via ibiblio without easily spottable circumventions. If he can just add it to his POM he has likely already done a lot of work around that "illegal" library before this is caught.

We are also setting up a centralized build process so individual projects would not be 
able to override the repositories.  As the home directory build.properties would 
specify only the internal repository.

Your comment about why would you want to join the project is failing in mindset.  I am 
not talking about an open source project I am talking about using Maven inside an 
enterprise.  I can not blindly allow any piece of code on ibiblio to make it inside 
our internal software.  We have to centralize our evaluation of open source licenses 
and decide whether their restrictions are suitable for the intended usage.

Craig

-----Original Message-----
From: Jörg Schaible [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 26, 2004 9:43 AM
To: Maven Users List
Subject: RE: Is there a way to separate maven's repository from my
repository?


Courtney, Craig wrote on Thursday, August 26, 2004 3:33 PM:



Yes I know. The whole point to our creating a repository is
to control what libraries and versions thereof get
introduced into our applications. If I am forced to make
available in my repository everything under the sun why
bother. It would be easier to just let every development
team download anything they want and include it in their
build process. The entire reason I was looking at maven was
to start controlling this issue not enabling it.



You can't really stop it. There is always a workaround. At least you have to create then your own (company) repo and prevent direct internet access, that no-one is able to activate ibiblio simply by adding it to the remote repositories. Additionally you must ensure (by check-in policy ?) that no-one uses jar override. But, tell me, why would I not want to join the project ...

Honestly, the POM has detailed information what library in which version is used. 
That's enough. If you want to ensure inter-project consistency you might start to use 
entities (as described on the wiki) or since RC4 you can achieve something similar to 
a certain point by using (inherited) properties for the versions.

- Jörg

[snip]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
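The check-in policy discussed in this thread (only the internal repository as a remote, no jar override), sketched as an added example that is not part of any message in the thread. It assumes the Maven 1 property names `maven.repo.remote`, `maven.jar.override` and `maven.jar.<artifactId>`; the host name `repo.internal.example` and the sample file contents are constructed.

```python
import re
from urllib.parse import urlparse

# Assumption: hypothetical host name of the approved internal repository.
APPROVED_HOSTS = {"repo.internal.example"}

def parse_properties(text):
    """Parse simple key=value / key:value properties lines (no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) == 2 else ""
    return props

def audit(name, text):
    """Return policy findings for one Maven 1 properties file."""
    props = parse_properties(text)
    findings = []
    for url in (u.strip() for u in props.get("maven.repo.remote", "").split(",")):
        # A URL without a parsable host is reported as well.
        if url and urlparse(url).hostname not in APPROVED_HOSTS:
            findings.append(f"{name}: unapproved remote repository {url}")
    # Conservative: treat common truthy spellings as "override enabled".
    if props.get("maven.jar.override", "").lower() in ("on", "true", "yes", "1"):
        findings.append(f"{name}: maven.jar.override is enabled")
    for key in sorted(props):
        if key.startswith("maven.jar.") and key != "maven.jar.override":
            artifact = key[len("maven.jar."):]
            findings.append(f"{name}: jar override for {artifact} -> {props[key]}")
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE_OK = "maven.repo.remote=http://repo.internal.example/maven\n"
SAMPLE_BAD = """\
maven.repo.remote=http://repo.internal.example/maven,http://www.ibiblio.org/maven
maven.jar.override=on
maven.jar.commons-logging=lib/commons-logging-snapshot.jar
"""

if __name__ == "__main__":
    for finding in audit("project.properties", SAMPLE_BAD):
        print(finding)
```

This covers only the property files a project checks in; it does not replace blocking direct internet access from the build machines, which the thread names as the other half of the control.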

