Asking this embarrasses me, but must be done.
I work for a company where the internet terrifies Them. They want to use
Maven, but they think it should never go online, so they want a locked
down internal repository containing whatever artifacts some couple
hundred developers might need.
Can we, as I believe, not effectively use Maven this way?
If so, what are the alternatives?
I see a few:
1. Only worry about the release bundle
Compare dependency reports in continuous integration to some approved
jar list, flagging anomalies along the way. Once ready for release, run
some thorough check on the jar-with-dependencies.
2. wget all of Central
A blunt instrument, but it would more or less work. How, though, do I
go to the people who vet jars and say, "Hey, someone might someday need
some of these..."
3. Build against some proxy repo for a while, then block it
Obvious problems ensue.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org