This use case was exactly what the Procurement in Nexus was designed to support. It allows you to definitively control the artifacts used by your builds. The only alternative is to manage it my hand, which is labor intensive and error prone.
http://www.sonatype.com/products/nexus -----Original Message----- From: Merv Green [mailto:paradeofh...@gmail.com] Sent: Thursday, January 29, 2009 11:28 PM To: users@maven.apache.org Subject: Maven for the internet afraid Asking this embarrasses me, but must be done. I work for a company where the internet terrifies Them. They want to use Maven, but they think it should never go online, so they want a locked down internal repository containing whatever artifacts some couple hundred developers might need. Can we, as I believe, not effectively use Maven this way? If so, what are the alternatives? I see a few: 1. Only worry about the release bundle Compare dependency reports in continuous integration to some approved jar list, flagging anomalies along the way. Once ready for release, run some thorough check on the jar-with-dependencies. 2. wget all of Central A blunt instrument, but it would more or less work. How, though, do I go to the people who vet jars and say, "Hey, someone might someday need some of these..." 3. Build against some proxy repo for a while, then block it Obvious problems ensue. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org