archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From solo1970 <>
Subject Re: Approved versions
Date Wed, 03 Dec 2008 13:58:57 GMT


For builds going to the testing group, it would be somewhat of an audit
report, some kind of warning mecanism that there are unapproved thrid party
products used in the build.

For "official" releases this can definitely viewed as a build time

But you are right, this business of approved/unapproved software is quite
tricky and is not necessarily straightforward.  

Thanks for the info


Wendy Smoak-3 wrote:
> On Tue, Dec 2, 2008 at 1:33 PM, solo1970
> <> wrote:
>> Any of the third-party products used to produce our software need to be
>> approved by a special departement.  Is there any way to ensure that the
>> third-party products we use for "official" releases have all been
>> approved?
>> (like a keyword or setting)....
> There's nothing currently in Archiva to handle this, though depending
> on what you need, that might not be necessary.  For example, you could
> deploy additional metadata beside the artifact to describe the
> approvals.  Do you see it as a build-time failure if a team uses an
> unapproved artifact, or would you want an audit report after the fact?
> From experience with this problem... unless you have a very simple
> governance model, it's not a binary "approved" or "not approved"
> forever decision.  An artifact might be approved for use by one team
> and not another.  And approvals may have a time span, after which they
> expire.
> (Also, you might want to look at Palamida's products, this is one of
> the things they do.)
> -- 
> Wendy

View this message in context:
Sent from the archiva-users mailing list archive at

View raw message