Hi EJ, 1) Maven itself "grabs" anything from net, isn't it? :)
2) You can operate Proximity in "offline" mode (added in RC1 release), and you can collect your "assorted" and checked artifacts/items/resources and simply "put it" under Proximity. In "offline" mode Proximity DOES NOT TRY to reach any of it remote peers (if the repository in question is cache repository like the "central" one in default configuration that comes with it). But this does not make a lot of sense... read next one. 3) you can operate proximity with "inhouse"-like repositories only, a repositories where you don't have remote peer at all! This way, Proximity will serve only what it has and nothing more. 4) setup isolated proximity on some DMZ machine (safe zone but with internet access), perform a single build (i'm talking for proximity with "factory default" setup) and shut it down. Inspect the cached artifacts pulled by Proximity and then transfer the Proximity storage (deep file copy) under another Proximity instance on the safe side (intranet) which is configured to work offline (2) or is configured only to host reposes and not proxy them (3). Hope this helps. * - remotePeer in Proximity slang is the remote location (currently with HTTP transport only) to fetch artifacts in case of proxied repositories, like "central" on ibiblio. ~t~ On 7/13/06, EJ Ciramella <[EMAIL PROTECTED]> wrote:
We don't find proximity an acceptable solution. Our security department frowns on anything that just grabs anything over the internet like this. Their fear is someone could spoof a url (happens) and people would download malicious code. Anyone else?