Re: Evaluating Archive Managers - can Artifactory do this?

Yoav Landman wrote:

Hi Chris,

See my answers inline.

Thanks,

Yoav

On Tue, Jun 23, 2009 at 5:32 PM, ChrisY <czbrooking@ybs.co.uk> wrote:

>
> Hi, The company I work for are currently performing maven builds using a
> file-based repository on a shared drive. We would like the libraries to be
> under some form of configuration management, and are evaluating Nexus,
> Artifactory, and Archiva - selected simply because they are mentioned on
> the
> Maven site. The requirements that we have are:
>
> Not Automatically Fetching Libraries
> We would like to be able to set up a repository that does not automatically
> download a new library just because a developer specifies it in a .pom
> file.
> We would like an administrator to have to add the file to the repository
> deliberately. The initial archive would ideally be populated first from our
> file-based repository, alternatively a build could force an initial fetch
> then the archive configured not to fetch automatically.<br />
>
> The reason that we want this is so that if a third party changes a library
> without changing the version number we won't pick up the new version
> unknowingly. Also we want to ensure that only known libraries and versions
> are in a build.<br />


This fully supported and we actually have a large number of users using this
setup of a "blessed" repository that can only be populated by certain roles.


>
> Auditing of changes to repository
> With information about who does what when. Ideally it would be nice to
> enable the administrator to add a comment, so they could say why and for
> which project


This is supported in the upcoming version. Currently you have detailed audit
logs that capture any change on the repository.


>
>
> "Normal" archiving of plug-ins
> The archive should ideally act as a cache for plug-ins, downloading from
> the
> internet when required.


Sure.

>
>
> Security model for Administrators
> Basically only administrators should be able to add or remove libraries or
> versions from the repository.


Artifactory has a simple but powerful security model. AFAIK it is the only
repo manager today supporting subdomain-admins (allowing users to assign
permisssions to other users on dedicated subsections of the repo) and view
of effective permissions per role and repo path.


>
> I am looking at Artifactory to see how it can achieve the above. Any
> pointers on what can/can't be done and how it can be achieved would be
> welcome. I have had a response from Nexus saying that the Pro edition is
> required to achieve the first requirement, and the second can only be
> achieved by using some third party package to read the RSS feed.
>
> Thanks,
> Chris
> --
> View this message in context:
> http://www.nabble.com/Evaluating-Archive-Managers---can-Artifactory-do-this--tp24167058p24167058.html
> Sent from the Artifactory-Users mailing list archive at Nabble.com.
>
>
>
> ------------------------------------------------------------------------------
> Are you an open source citizen? Join us for the Open Source Bridge
> conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference:
> $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
>
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> _______________________________________________
> Artifactory-users mailing list
> Artifactory-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>

------------------------------------------------------------------------------

_______________________________________________
Artifactory-users mailing list
Artifactory-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/artifactory-users