It seems that many circumstances are converging at the same time to show that we need to make the next step and use active repository management on the Apache repository. The increased pace of releases lately is showing the flaws in the current system and it's not even possible to deploy a release right now on p.a.o[1]. That's only a temporary issue, but more noticeable is that we require all releases be staged and using the maven-staging-plugin has always been a stop gap measure. It's slow and inconvenient to use and often breaks down in the middle of a release due to uncorrected permissions on the file system from a previous release, or simply from transport errors due to the large amount of data pulled down and pushed back up.
I'm proposing that we use Nexus Pro to manage the repository because of the staging support. The staging and promotion suite of Nexus allows you to stage release artifacts before they go live in a release repository. A single URL for all projects is all you need in your distributionManagement and Nexus can sort out where they go based on profiles you define. These profiles allow you to control which artifacts get staged together, who gets notified, who can see them, etc. These staged artifacts go into a temporary repository that is created on the fly when you deploy. This repository is then used for testing and subsequently dropped or promoted in a single transaction to your release repository. We've been using this for the Nexus OSS releases for a few months and it saves us tons of time when we stage / test / restage releases, and completely eliminates the manual artifact and metadata manipulation previously required. This will also make it much easier to stage dependent releases together into a single repository. You can read more details about staging here[2] Besides the staging support, having an repository manager will provide us additional benefits: We won't have to deal with people forgetting to reset the permissions. The metadata will always be corrected, even from non-maven native projects. The snapshot repository will be actively managed to reduce overall disk use creep that requires drastic measures like dumping the whole thing. The plugin API will allow us to evolve and tailor the system to meet future Apache processes and requirements (such as enforcing valid signatures, licensing requirements, packaging requirements, etc). There are other MRMs out there (including one here at Apache), but none of them support the staging process the we need right now. Nexus also requires the least overhead in terms of resources and external dependencies (none). Using the new LDAP setup being piloted at ASF Infra will make it finally possible to tie all the correct user accounts together for committers. Sonatype is making free Nexus Pro licenses available to OSS projects and naturally Apache qualifies. This is similar to the existing Jira and Confluence installations being used by Apache projects via a free OSS license from Atlassian[4],[5] The Apache repository is an organization-wide resource used for all Apache releases that then get synced to Central. I'm proposing it here as the Maven team is in the best position to get it setup and worked out before rolling it out to the rest of the organization, but there's no doubt that this will be useful to all Apache projects built with Maven. In the interest of full disclosure, I work at Sonatype and manage the engineering team that produces Nexus. We will support and manage the installation as required. [1] https://issues.apache.org/jira/browse/INFRA-1886 [2] http://books.sonatype.com/nexus-book/reference/staging.html [3] http://nexus.sonatype.org [4] http://www.atlassian.com [5] https://issues.apache.org Discussion? ---------------------- Brian Fox Apache Maven PMC http://blogs.sonatype.com/brian/ ---------------------- Brian Fox Apache Maven PMC http://blogs.sonatype.com/brian/
