That's exactly what I want. I want maven to be able to download what it needs... but it's repository for execution of the tool should be different than the repository I use for my builds. Doesn't seem to be a way to do this.
Craig -----Original Message----- From: Milos Kleint [mailto:[EMAIL PROTECTED] Sent: Thursday, August 26, 2004 10:24 AM To: Maven Users List Subject: Re: Is there a way to separate maven's repository from my repository? One problem I see with restricting repository access is that even maven plugins attempt to download their dependencies from the web. It can be from ibiblio or elsewhere. what about writing a shell wrapper or something that would take care that nothing apart from the allowed repository is connected when running maven. Or even patch the maven sources and do a custom build. How to do that I don't know though.. Regards. Milos Kleint Courtney, Craig wrote: >That could work but adds to much responsibility to the centralized body. Their job >is only to approve external libraries for use not control your entire project. If >only they could change the project.xml they would have to be involved in adding new >packages inside the project, maintaining internal releases, etc. > >Craig > >-----Original Message----- >From: Ryan Sonnek [mailto:[EMAIL PROTECTED] >Sent: Thursday, August 26, 2004 10:06 AM >To: Maven Users List >Subject: RE: Is there a way to separate maven's repository from my >repository? > > >wouldn't the easiest solution be to lock down the project.xml to only be modified by >"approved" personel? > >-----Original Message----- >From: Courtney, Craig [mailto:[EMAIL PROTECTED] >Sent: Thursday, August 26, 2004 8:57 AM >To: Maven Users List >Subject: RE: Is there a way to separate maven's repository from my >repository? > > >I realize that someone can always circumvent any measures put in place. The point is >to put in place a certification process, and make it difficult to go outside the >process. I will only make available code (internal and external) that has passed >this process in my repository. I don't want any chance of a non-certified version >being "pulled" down via ibiblio with out easily spotable circumventions. If he can >just add it to his POM he has likley already done a lot of work around that "illegal" >library before this is caught. > >We are also setting up a centralized build process so individual projects would not >be able to override the repositories. As the home directory build.properties would >specify only the internal repository. > >Your comment about why would you want to join the project is failing in mindset. I >am not talking about a open source project I am talking about using Maven inside an >enterprise. I can not blindly allow any piece of code on ibiblio to make it inside >our interal software. We have to centralize our evaluation of open source licenses >and decide whether their restrictions are suitable for the intended usage. > >Craig > >-----Original Message----- >From: Jörg Schaible [mailto:[EMAIL PROTECTED] >Sent: Thursday, August 26, 2004 9:43 AM >To: Maven Users List >Subject: RE: Is there a way to separate maven's repository from my >repository? > > >Courtney, Craig wrote on Thursday, August 26, 2004 3:33 PM: > > > >>Yes I know. The whole point to our creating a repository is >>to control what libraries and versions there of get >>introduced into our applications. If I am forced to make >>available in my repository everything under the sun why >>bother. It would be easier to just let every development >>team download anything they want and include it in their >>build process. The entire reason I was looking at maven was >>to start controlling this issue not enabling it. >> >> > >You can't really stop it. There is always a workaround. At least you have to create >then your own (company) repo and prevent direct internet access, that no-one is able >to activate ibiblio simply by adding it to the remote repositories. Additionally you >must ensure (by check-in policy ?) that no-one uses jar override. But, tell me, why >would I not want to join the project ... > >Honestly, the POM has detailed information what library in which version is used. >That's enough. If you want to ensure inter-project consistency you might start to use >entities (as described on the wiki) or since RC4 you can achieve something similar to >a certain point by using (inherited) properties for the versions. > >- Jörg > >[snip] > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
