Hello, For builds going to the testing group, it would be somewhat of an audit report, some kind of warning mecanism that there are unapproved thrid party products used in the build.
For "official" releases this can definitely viewed as a build time failure... But you are right, this business of approved/unapproved software is quite tricky and is not necessarily straightforward. Thanks for the info Sonia Wendy Smoak-3 wrote: > > On Tue, Dec 2, 2008 at 1:33 PM, solo1970 > <[EMAIL PROTECTED]> wrote: > >> Any of the third-party products used to produce our software need to be >> approved by a special departement. Is there any way to ensure that the >> third-party products we use for "official" releases have all been >> approved? >> (like a keyword or setting).... > > There's nothing currently in Archiva to handle this, though depending > on what you need, that might not be necessary. For example, you could > deploy additional metadata beside the artifact to describe the > approvals. Do you see it as a build-time failure if a team uses an > unapproved artifact, or would you want an audit report after the fact? > > From experience with this problem... unless you have a very simple > governance model, it's not a binary "approved" or "not approved" > forever decision. An artifact might be approved for use by one team > and not another. And approvals may have a time span, after which they > expire. > > (Also, you might want to look at Palamida's products, this is one of > the things they do.) > > -- > Wendy > > -- View this message in context: http://www.nabble.com/Approved-versions-tp20800313p20813416.html Sent from the archiva-users mailing list archive at Nabble.com.
