« Return to Thread: Evaluating Archive Managers - can Artifactory do this?

Re: Evaluating Archive Managers - can Artifactory do this?

by Yoav Landman :: Rate this Message:

Hi Chris,

See my answers inline.

Thanks,

Yoav

On Tue, Jun 23, 2009 at 5:32 PM, ChrisY <czbrooking@...> wrote:

Hi, The company I work for are currently performing maven builds using a
file-based repository on a shared drive. We would like the libraries to be
under some form of configuration management, and are evaluating Nexus,
Artifactory, and Archiva - selected simply because they are mentioned on the
Maven site. The requirements that we have are:

Not Automatically Fetching Libraries
We would like to be able to set up a repository that does not automatically
download a new library just because a developer specifies it in a .pom file.
We would like an administrator to have to add the file to the repository
deliberately. The initial archive would ideally be populated first from our
file-based repository, alternatively a build could force an initial fetch
then the archive configured not to fetch automatically.<br />

The reason that we want this is so that if a third party changes a library
without changing the version number we won't pick up the new version
unknowingly. Also we want to ensure that only known libraries and versions
are in a build.<br />

This fully supported and we actually have a large number of users using this setup of a "blessed" repository that can only be populated by certain roles.

Auditing of changes to repository
With information about who does what when. Ideally it would be nice to
enable the administrator to add a comment, so they could say why and for
which project

This is supported in the upcoming version. Currently you have detailed audit logs that capture any change on the repository.

"Normal" archiving of plug-ins
The archive should ideally act as a cache for plug-ins, downloading from the
internet when required.

Sure.

Security model for Administrators
Basically only administrators should be able to add or remove libraries or
versions from the repository.

Artifactory has a simple but powerful security model. AFAIK it is the only repo manager today supporting subdomain-admins (allowing users to assign permisssions to other users on dedicated subsections of the repo) and view of effective permissions per role and repo path.

I am looking at Artifactory to see how it can achieve the above. Any
pointers on what can/can't be done and how it can be achieved would be
welcome. I have had a response from Nexus saying that the Pro edition is
required to achieve the first requirement, and the second can only be
achieved by using some third party package to read the RSS feed.

Thanks,
Chris
--
View this message in context: http://www.nabble.com/Evaluating-Archive-Managers---can-Artifactory-do-this--tp24167058p24167058.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Are you an open source citizen? Join us for the Open Source Bridge conference!
Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
Need another reason to go? 24-hour hacker lounge. Register today!
http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
_______________________________________________
Artifactory-users mailing list
Artifactory-users@...
https://lists.sourceforge.net/lists/listinfo/artifactory-users

------------------------------------------------------------------------------

_______________________________________________
Artifactory-users mailing list
Artifactory-users@...
https://lists.sourceforge.net/lists/listinfo/artifactory-users

« Return to Thread: Evaluating Archive Managers - can Artifactory do this?