archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From solo1970 <sonia.lodoviche...@ericsson.com>
Subject Re: Approved versions
Date Wed, 03 Dec 2008 13:58:57 GMT

Hello,

For builds going to the testing group, it would be somewhat of an audit
report, some kind of warning mecanism that there are unapproved thrid party
products used in the build.

For "official" releases this can definitely viewed as a build time
failure...

But you are right, this business of approved/unapproved software is quite
tricky and is not necessarily straightforward.  

Thanks for the info

Sonia


Wendy Smoak-3 wrote:
> 
> On Tue, Dec 2, 2008 at 1:33 PM, solo1970
> <sonia.lodovichetti@ericsson.com> wrote:
> 
>> Any of the third-party products used to produce our software need to be
>> approved by a special departement.  Is there any way to ensure that the
>> third-party products we use for "official" releases have all been
>> approved?
>> (like a keyword or setting)....
> 
> There's nothing currently in Archiva to handle this, though depending
> on what you need, that might not be necessary.  For example, you could
> deploy additional metadata beside the artifact to describe the
> approvals.  Do you see it as a build-time failure if a team uses an
> unapproved artifact, or would you want an audit report after the fact?
> 
> From experience with this problem... unless you have a very simple
> governance model, it's not a binary "approved" or "not approved"
> forever decision.  An artifact might be approved for use by one team
> and not another.  And approvals may have a time span, after which they
> expire.
> 
> (Also, you might want to look at Palamida's products, this is one of
> the things they do.)
> 
> -- 
> Wendy
> 
> 

-- 
View this message in context: http://www.nabble.com/Approved-versions-tp20800313p20813416.html
Sent from the archiva-users mailing list archive at Nabble.com.


Mime
View raw message