I've been lurking in that list (repository) for a while, because the topic of repositories is of interest to me.
I think that maven will have a big effect on java development and I understand that the apache repository will be where maven stores its jars (not sure about that but that would make sense, cross posting to maven-dev).
I just wanted to check if you quantified or considered the requirement about how long you would keep artifacts at their url.
Today I experienced some broken build with an unofficial makefile that helps build a system called Syncato (details at http://www.chanezon.com/pat/weblog/archives/000131.html).
Rick Bradley's syncatomatic is a hack, and it broke because it made assumptions about xerces 2.3 source distribution to be hosted on an apache mirror.
I thought: no big deal for a quick hack like this, designed to help people out temporarily.
But when most java software gets built using maven, I guess you don't want that kind of things to happen. And it could happen all over the place, in a few years, if old version of artifacts get decommissionned wihtout warning.
Did you specify a lifecycle for artifacts, with some durations, and a process to decommision them ?
Also maybe when decommisioning time approaches, the server could notify maven, and maven could issue some warnings, pretty much like deprecation messages in java compilation, so that developers get warned that they should upgrade to a newer library.