Evaluating Archive Managers - can Artifactory do this?

Hi, The company I work for are currently performing maven builds using a file-based repository on a shared drive. We would like the libraries to be under some form of configuration management, and are evaluating Nexus, Artifactory, and Archiva - selected simply because they are mentioned on the Maven site. The requirements that we have are:

Not Automatically Fetching Libraries
We would like to be able to set up a repository that does not automatically download a new library just because a developer specifies it in a .pom file. We would like an administrator to have to add the file to the repository deliberately. The initial archive would ideally be populated first from our file-based repository, alternatively a build could force an initial fetch then the archive configured not to fetch automatically.<br />

The reason that we want this is so that if a third party changes a library without changing the version number we won't pick up the new version unknowingly. Also we want to ensure that only known libraries and versions are in a build.<br />

Auditing of changes to repository
With information about who does what when. Ideally it would be nice to enable the administrator to add a comment, so they could say why and for which project

"Normal" archiving of plug-ins
The archive should ideally act as a cache for plug-ins, downloading from the internet when required.

Security model for Administrators
Basically only administrators should be able to add or remove libraries or versions from the repository.

I am looking at Artifactory to see how it can achieve the above. Any pointers on what can/can't be done and how it can be achieved would be welcome. I have had a response from Nexus saying that the Pro edition is required to achieve the first requirement, and the second can only be achieved by using some third party package to read the RSS feed.

Thanks,
Chris