On Tue, Dec 2, 2008 at 1:33 PM, solo1970 <[EMAIL PROTECTED]> wrote: > Any of the third-party products used to produce our software need to be > approved by a special departement. Is there any way to ensure that the > third-party products we use for "official" releases have all been approved? > (like a keyword or setting)....
There's nothing currently in Archiva to handle this, though depending on what you need, that might not be necessary. For example, you could deploy additional metadata beside the artifact to describe the approvals. Do you see it as a build-time failure if a team uses an unapproved artifact, or would you want an audit report after the fact? >From experience with this problem... unless you have a very simple governance model, it's not a binary "approved" or "not approved" forever decision. An artifact might be approved for use by one team and not another. And approvals may have a time span, after which they expire. (Also, you might want to look at Palamida's products, this is one of the things they do.) -- Wendy
