> -----Original Message-----
> From: Brett Porter [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 26, 2003 8:56 AM
> To: 'Maven Users List'
> Subject: RE: Corporate constructive criticism
>
>
> > > I think you are assuming a lot about a typical corporate
> > environment
> > > :) I would think most have separate networks and machines for
> > > building, deploying, developing, and they have to get
> > around either by
> > > ftp or ssh. Both are available in the aritfact plugin, as well as
> > > file.
> > Obviously you work for companies with lots of money. I would
> > suggest that there are more places around the 100 developer
> > mark than the 1000 developer mark. And the smaller ones don't
> > have dedicated networks for building and deploying!
>
> HAHAHAHHAHHAAAA! Sorry, that shouldn't be funny. We're about 10 developers
> using Maven, but the company has many different subnets, firewalls and so
> on. I expect most people have their production environments not
> in the same
> place as their development for security reasons...
> Anyway, they're not dedicated, just separate.
>
> > Anyway, if the artifact plugin is the solution, thats great,
> > although it is unclear from the docs as to how that plugin is
> > to be used. I assume the idea is that it works behind the
> > scenes, defining the communication stuff and called by other
> > targets....
>
> Yep. And artifact is one thing I hope to get rounded out (or find
> out where
> Michal was up to) before 1.0.
>

Well code in artifact plugin is quite functional.
There is one serious problem with it:
passwords, private key passphrases etc. probably shouldn't be kept in
properties files.

If we can live with the fact that they are kept as open text -
artifact plugin can be widely used.

Note that for HTTP, FTP,  are highly insecure
Proxy server authentication is also not reliable from this point of view.

So what I did doesn't introduce substantial decrease of security in case of
those protocols.
Protocols from SSH family: SCP, SFTP can be used with key based
authentication and with or without
passphrase protection of keys.

For intranet repositories probably such "illusion" of security is probably
sufficient.

The truth is: either deployment of artifact will be secure or easy (read:
can be fully automated).
I am afraid those two things are not going well together.  That is what
stopped me.

I tried also to walk other path: deploy operation can be  delegated to shell
scripts
or generally to external programs. I don't have much experience in
windows/unix scripting and I didn't come
to nice/utilizable solution.
If somebody wish to help with this - that could be an alternative.


On windows WevDav shared folders can be visible as local folders
On Unix ftp, http(?), other(?) can be mounted to local file system.
Therefore file:// protocol can be more useful then it seems...

When Maven will work in client server mode those things can be solved in
different way.

Michal

P.S.
I am currently working on component based library which facilities both
deploy and fetch operations.
It's quite usable already, but I won't use it in maven before 1.0 is out
(unless something unexpected happens :)).
The Code and ... conception still needs some testing.




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to