Thank you Ron. We already do the first. We are considering the second, but for a repo with a very large number of artifacts this is somewhat impractical. To mitigate that, we may consider automating it. Finally, knowing what to expect appears to present some problems to me.
Michael Tarullo Contractor (Engility Corp) Enterprise Architect NSRR System Administrator FAA WJH Technical Center (609)485-5294 -----Original Message----- From: Ron Wheeler [mailto:[email protected]] Sent: Friday, October 16, 2015 12:56 PM To: [email protected] Subject: Re: Setting Up Internal Repositories Hard to say but checking the checksums from the author's site would be one way to vet a release from a third party. Opening the download and looking inside to see that the artifacts are the ones that you were expecting is less secure but could be part of vetting. Ron On 16/10/2015 12:33 PM, [email protected] wrote: > The Maven Introduction to Repositories documentation contains a section that > describes setting up an internal repository. > > In that section is described an option to manually download and vet releases, > apparently of a remote repo. > > What is meant by "vet"? Can you provide an example of how a repo release > would be vetted? I suspect this is highly dependent on the intended use of > the repo, but I'm just trying to get a general idea of what is involved. > > Thank you. > > Mike > > Michael Tarullo > Contractor (Engility Corp) > Enterprise Architect > NSRR System Administrator > FAA WJH Technical Center > (609)485-5294 > > -- Ron Wheeler President Artifact Software Inc email: [email protected] skype: ronaldmwheeler phone: 866-970-2435, ext 102 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
