Hi,
I cannot answer all your question, but I'll try to help with what I know..
ChrisY wrote:
Not Automatically Fetching Libraries
We would like to be able to set up a repository that does not automatically download a new library just because a developer specifies it in a .pom file. We would like an administrator to have to add the file to the repository deliberately. The initial archive would ideally be populated first from our file-based repository, alternatively a build could force an initial fetch then the archive configured not to fetch automatically.<br />
This happens for sure with artifactory, from what I tested it works in nexus and archiva too.
ChrisY wrote:
Auditing of changes to repository
With information about who does what when. Ideally it would be nice to enable the administrator to add a comment, so they could say why and for which project
At the moment there's no chance to get something like that in artifactory, on the other side nexus and archiva both have rss feeds.
Nexus has several different feeds for updated, broken,.. artifacts. Archiva has a smaller set of feeds.
I don't think you can add comments, but I ain't sure.
ChrisY wrote:
Security model for Administrators
Basically only administrators should be able to add or remove libraries or versions from the repository.
In all 3 there is the possibility to define roles and prevent users to do stuff.
Artifactory is the easiest, but, seems to me, is also the more limited of the 3.
One thing I don't like about artifactory is the fact that the artifacts are stored in a DB, whereas in nexus and archiva they are stored in the file system.
I hope this helps a little
rgds
Turbo
