Re: Evaluating Archive Managers - can Nexus do this

Tamás Cservenák wrote:

Hi there,

at first glance, you would achieve your requirements by using
following features of latest Nexus Pro release:

- Not Automatically Fetching libraries: Artifact procurement
http://www.sonatype.com/books/nexus-book/reference/procure.html

- Auditing of changes to repository: not completely equal to your
needs, but Nexus does have RSS feeds, and they do say who did what and
when. You can tie that RSS feed in some 3rd party software to add
comments/annotate those. Not described in the book, but you can see
all available RSS feeds on our instance:
http://repository.sonatype.org/index.html#feed-view-system-changes

- "Normal" archiving of plugins: plain proxying, basic capability of
Nexus. You would end up with a grouped repository, that would contain
this non-procured repo with plugins and the procured repository for
your other dependencies.

- Security model for Administrators: easily done, Nexus security is
really fine-grained (maybe even too fine) :)
http://www.sonatype.com/books/nexus-book/reference/config.html

Just to mention, the 1st requirement "procurement" is available in
Nexus Pro only, while the rest is available in Nexus OSS too.

Hope helps,
~t~

On Tue, Jun 23, 2009 at 2:56 PM, ChrisY<czbrooking@ybs.co.uk> wrote:
> Hi, The company I work for are currently performing maven builds using a
> file-based repository on a shared drive. We would like the libraries to be
> under some form of configuration management, and are evaluating Nexus,
> Affinity, and Archiva - selected simply because they are mentioned on the
> Maven site. The requirements that we have are:
>
> Not Automatically Fetching Libraries
> We would like to be able to set up a repository that does not automatically
> download a new library just because a developer specifies it in a .pom file.
> We would like an administrator to have to add the file to the repository
> deliberately. The initial archive would ideally be populated first from our
> file-based repository, alternatively a build could force an initial fetch
> then the archive configured not to fetch automatically.
>
> The reason that we want this is so that if a third party changes a library
> without changing the version number we won't pick up the new version
> unknowingly. Also we want to ensure that only known libraries and versions
> are in a build.
>
> Auditing of changes to repository
> With information about who does what when. Ideally it would be nice to
> enable the administrator to add a comment, so they could say why and for
> which project.
>
> "Normal" archiving of plug-ins
> The archive should ideally act as a cache for plug-ins, downloading from the
> internet when required.
>
> Security model for Administrators
> Basically only administrators should be able to add or remove libraries or
> versions from the repository.
>
> I am looking at Nexus to see how it can achieve the above, I assume that we
> need to use a hosted repository. Any pointers on what can/can't be done and
> how it can be achieved would be welcome.
>
> Thanks,
> Chris
> ________________________________
> View this message in context: Evaluating Archive Managers - can Nexus do
> this
> Sent from the Nexus Maven Repository Manager Users List mailing list archive
> at Nabble.com.
>

---------------------------------------------------------------------
To unsubscribe, e-mail: nexus-user-unsubscribe@sonatype.org
For additional commands, e-mail: nexus-user-help@sonatype.org