> -----Original Message----- > From: Brett Porter [mailto:[EMAIL PROTECTED] > Sent: Friday, September 26, 2003 8:56 AM > To: 'Maven Users List' > Subject: RE: Corporate constructive criticism > > > > > I think you are assuming a lot about a typical corporate > > environment > > > :) I would think most have separate networks and machines for > > > building, deploying, developing, and they have to get > > around either by > > > ftp or ssh. Both are available in the aritfact plugin, as well as > > > file. > > Obviously you work for companies with lots of money. I would > > suggest that there are more places around the 100 developer > > mark than the 1000 developer mark. And the smaller ones don't > > have dedicated networks for building and deploying! > > HAHAHAHHAHHAAAA! Sorry, that shouldn't be funny. We're about 10 developers > using Maven, but the company has many different subnets, firewalls and so > on. I expect most people have their production environments not > in the same > place as their development for security reasons... > Anyway, they're not dedicated, just separate. > > > Anyway, if the artifact plugin is the solution, thats great, > > although it is unclear from the docs as to how that plugin is > > to be used. I assume the idea is that it works behind the > > scenes, defining the communication stuff and called by other > > targets.... > > Yep. And artifact is one thing I hope to get rounded out (or find > out where > Michal was up to) before 1.0. >
Well code in artifact plugin is quite functional. There is one serious problem with it: passwords, private key passphrases etc. probably shouldn't be kept in properties files. If we can live with the fact that they are kept as open text - artifact plugin can be widely used. Note that for HTTP, FTP, are highly insecure Proxy server authentication is also not reliable from this point of view. So what I did doesn't introduce substantial decrease of security in case of those protocols. Protocols from SSH family: SCP, SFTP can be used with key based authentication and with or without passphrase protection of keys. For intranet repositories probably such "illusion" of security is probably sufficient. The truth is: either deployment of artifact will be secure or easy (read: can be fully automated). I am afraid those two things are not going well together. That is what stopped me. I tried also to walk other path: deploy operation can be delegated to shell scripts or generally to external programs. I don't have much experience in windows/unix scripting and I didn't come to nice/utilizable solution. If somebody wish to help with this - that could be an alternative. On windows WevDav shared folders can be visible as local folders On Unix ftp, http(?), other(?) can be mounted to local file system. Therefore file:// protocol can be more useful then it seems... When Maven will work in client server mode those things can be solved in different way. Michal P.S. I am currently working on component based library which facilities both deploy and fetch operations. It's quite usable already, but I won't use it in maven before 1.0 is out (unless something unexpected happens :)). The Code and ... conception still needs some testing. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
