We have also had a process for documenting why we upgraded a dependency or chose a new dependency. We use Jira - so we would create a ticket type that had a workflow for the approvals. It was pretty lightweight but it would sometimes prevent developers using multiple libraries to accomplish the same task unnecessarily.
On Fri, Oct 16, 2015 at 1:40 PM, <michael.ctr.taru...@faa.gov> wrote:

> Thank you Ron. We already do the first. We are considering the second,
> but for a repo with a very large number of artifacts this is somewhat
> impractical. To mitigate that, we may consider automating it. Finally,
> knowing what to expect appears to present some problems to me.
>
> Michael Tarullo
> Contractor (Engility Corp)
> Enterprise Architect
> NSRR System Administrator
> FAA WJH Technical Center
> (609)485-5294
>
> -----Original Message-----
> From: Ron Wheeler [mailto:rwhee...@artifact-software.com]
> Sent: Friday, October 16, 2015 12:56 PM
> To: users@maven.apache.org
> Subject: Re: Setting Up Internal Repositories
>
> Hard to say but checking the checksums from the author's site would be one
> way to vet a release from a third party.
> Opening the download and looking inside to see that the artifacts are the
> ones that you were expecting is less secure but could be part of vetting.
>
> Ron
>
> On 16/10/2015 12:33 PM, michael.ctr.taru...@faa.gov wrote:
> > The Maven Introduction to Repositories documentation contains a section
> > that describes setting up an internal repository.
> >
> > In that section is described an option to manually download and vet
> > releases, apparently of a remote repo.
> >
> > What is meant by "vet"? Can you provide an example of how a repo
> > release would be vetted? I suspect this is highly dependent on the
> > intended use of the repo, but I'm just trying to get a general idea of
> > what is involved.
> >
> > Thank you.
> >
> > Mike
> >
> > Michael Tarullo
> > Contractor (Engility Corp)
> > Enterprise Architect
> > NSRR System Administrator
> > FAA WJH Technical Center
> > (609)485-5294
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: rwhee...@artifact-software.com
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org

--
Gail Stewart
Sr. Release Engineer
AP & Payment Automation
125 Cambridgepark Drive
Cambridge, MA 02140
gail.stew...@mineraltree.com
617.299.3399 x148
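
Added example, not part of the original thread: one way the checksum vetting discussed above could be automated for a staging directory before artifacts are promoted to an internal repository. The manifest format (sha256sum-style lines taken from the author's site), the SHA-256 default, the suffix list and all paths are assumptions, and the sample data is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

ARTIFACT_SUFFIXES = {".jar", ".pom", ".war"}  # assumption: the types you mirror

def file_digest(path, algo="sha256"):
    return hashlib.new(algo, Path(path).read_bytes()).hexdigest()

def load_manifest(text):
    """Parse 'hexdigest  relative/path' lines (sha256sum-style, an assumed format)."""
    expected = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            expected[parts[1].strip().lstrip("*")] = parts[0].lower()
    return expected

def vet_staging(staging_dir, expected, algo="sha256"):
    """Classify every artifact under staging_dir against the trusted manifest."""
    staging = Path(staging_dir)
    report = {"ok": [], "mismatch": [], "unexpected": [], "missing": []}
    for path in sorted(staging.rglob("*")):
        if not path.is_file() or path.suffix not in ARTIFACT_SUFFIXES:
            continue
        rel = path.relative_to(staging).as_posix()
        if rel not in expected:
            report["unexpected"].append(rel)    # present but never requested
        elif file_digest(path, algo) == expected[rel]:
            report["ok"].append(rel)
        else:
            report["mismatch"].append(rel)      # altered or corrupted in transit
    report["missing"] = sorted(set(expected) - set(report["ok"]) - set(report["mismatch"]))
    return report

def demo():
    """Constructed sample: one good file, one altered, one extra, one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"org/example/lib/1.0/lib-1.0.jar": b"jar-bytes",
                 "org/example/lib/1.0/lib-1.0.pom": b"<project/>"}
        manifest = "".join(f"{hashlib.sha256(d).hexdigest()}  {p}\n" for p, d in files.items())
        manifest += "0" * 64 + "  org/example/util/2.1/util-2.1.jar\n"
        files["org/example/lib/1.0/lib-1.0.jar"] = b"altered"        # simulate a bad download
        files["org/example/extra/0.1/extra-0.1.jar"] = b"surprise"   # not in the manifest
        for rel, data in files.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_bytes(data)
        return vet_staging(tmp, load_manifest(manifest))

if __name__ == "__main__": print(demo())
```

Anything reported as mismatch, unexpected or missing would block promotion until someone reviews it; the manifest itself has to come from a source you trust independently of the download.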