Hi, I'm currently playing with Archiva 2.2, and I was having a look at the duplicate artifact consumer : it seems that it only seeks duplicate artifacts in the same repo, see the line below, from DuplicateArtifactsConsumer.java :
results = metadataRepository.getArtifactsByChecksum( repoId, checksumSha1 ); "repoId" is specified in the method's arguments, so I suppose that the result only contains artifacts from this repo ... Obviously, it's better than nothing, but in my configuration, I have a "proxy-repo" connected to maven central and other Internet repos, and I use the internal repos (releases + snapshots) only for the artifacts that our users deploy through their maven builds. The duplicate artifact consumer would be really helpful for me, to identify the naughty users that deploy open source jars in our internal repo. But if the consumer doesn't make a cross repo research, I won't find out the open source jars that are both in the proxy-repo and in our internal releases repo. Do you think it would be possible to improve this for a future version ? Do you want me to create a jira ? Thank you ! Isabelle
