On Thu, Jan 29, 2009 at 9:27 PM, Merv Green <paradeofh...@gmail.com> wrote:

> Asking this embarrasses me, but must be done.
>
> I work for a company where the internet terrifies Them. They want to use
> Maven, but they think it should never go online, so they want a locked down
> internal repository containing whatever artifacts some couple hundred
> developers might need.
>
> Can we, as I believe, not effectively use Maven this way?

It _can_ work, and it's actually a very good idea.  You are not alone. :)

Run a repository manager (Archiva, Nexus, Artifactory) internally, and
tightly control its contents.  Establish some process for developers
to request uploads to the repo, and have the team responsible for that
go through the motions of retrieving the artifacts, verifying the
signatures, etc., then uploading.

You can usually upload through the web interface of the repo manager.
For larger uploads (a plugin and its bunch of dependencies) I've had
good luck using the assembly plugin to package all the artifacts in
remote repo format, then copying that into the managed repo.

Where I am, a governance board controls open source and third party
dependencies.  They review the license as well as consider whether
it's something that they want used within the development
organization.  Access to external repos is prevented by the
settings.xml in our custom Maven distribution, so that everything
builds against the approved artifacts in the internal repos.

If there's a really huge new project coming on, you might configure a
separate repo and let that proxy central for a while, then shut it
down and go through everything it has proxied to determine what needs
to be moved into the approved repo.

HTH,
-- 
Wendy
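
Added example (not part of the original message, and not code from Maven or any repository manager): a pre-upload check for the step described above, where artifacts staged in remote repo format are verified before being copied into the managed repo. It recomputes each artifact's `.sha1` sidecar and flags artifacts that have no detached `.asc` signature, on the assumption that the signatures themselves are then verified with `gpg --verify` against keys the team trusts. The function names, the `org/example/demo` coordinates and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Sidecar suffixes that describe an artifact rather than being one.
SIDECARS = (".sha1", ".md5", ".asc")

def audit_staging(root):
    """Return {relative_path: [problems]} for every artifact that fails a check."""
    root = Path(root)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.name.endswith(SIDECARS) or path.name.startswith("maven-metadata"):
            continue
        problems = []
        sha1_file = path.with_name(path.name + ".sha1")
        if not sha1_file.exists():
            problems.append("missing .sha1")
        else:
            # Sidecars hold "<hex>" or "<hex>  <filename>"; compare the first token.
            tokens = sha1_file.read_text().split()
            expected = tokens[0].lower() if tokens else ""
            actual = hashlib.sha1(path.read_bytes()).hexdigest()
            if expected != actual:
                problems.append("sha1 mismatch")
        if not path.with_name(path.name + ".asc").exists():
            problems.append("missing .asc signature")
        if problems:
            findings[path.relative_to(root).as_posix()] = problems
    return findings

def build_sample(root):
    """Constructed sample: one tampered jar, one unsigned pom, one clean jar."""
    d = Path(root) / "org/example/demo/1.0"
    d.mkdir(parents=True)
    for name, body, tamper, signed in [
        ("demo-1.0.jar", b"jar-bytes", True, True),
        ("demo-1.0.pom", b"<project/>", False, False),
        ("demo-1.0-sources.jar", b"src-bytes", False, True),
    ]:
        (d / name).write_bytes(body)
        digest = hashlib.sha1(b"other" if tamper else body).hexdigest()
        (d / (name + ".sha1")).write_text(digest + "\n")
        if signed:
            (d / (name + ".asc")).write_text("constructed placeholder signature\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for artifact, problems in audit_staging(tmp).items():
            print(artifact, "->", ", ".join(problems))
```

A matching `.sha1` only shows the file arrived intact from wherever it was fetched; the signature check is what ties it to a publisher.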
