4. In a commercial environment, it is especially important to control what assets that are accessible to developers, generally for legal reasons.
and
I often took them at face value until quite recently. But my latest job has driven home the need to maintain tight control on the dependency chains and anything that opens that up is anathema to my current happiness. The focus on central is obviously because of it's implict inclusion in the super pom. Effectively, it's difficult to remove central as a repo, and therefore isn't something you'd do lightly. Thus anything unnecessary that makes an artifact from central more complex is ....ummmm..... an unncessary complexity. :)
I still maintain, as I have said in other threads, you should audit not enforce lock down. By attempting to control and lock down what can and can't be downloaded you are just asking for trouble. It is far easier to assume that your developers are competent and using sanctioned versions of artifacts and to audit this fact. Only when the audit fails do you fix the problem. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
