ant-ivy-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xavier Hanin" <xavier.ha...@gmail.com>
Subject Re: secure dependency artifacts
Date Fri, 25 Apr 2008 05:58:44 GMT
On Thu, Apr 24, 2008 at 10:05 PM, Shawn Castrianni <
Shawn.Castrianni@halliburton.com> wrote:

> Currently we have an ivy repository that is within our corporate firewall
> on a shared Netapp storage device.  It is constantly being added to as each
> continuous build publishes its latest version.  In the past as part of the
> ANT build, we would zip up the source code used to produce each build and
> publish it as an artifact along with the build.  This is useful for when
> developers working on modules high up in the dependency chain need to debug
> down to a dependent module inside their IDE.  Having the source zip files
> gives them the source code to debug into.
>
> This is working great, but here comes a new corporate policy.  We have to
> increase the security of our source code and closely monitor who has access
> to what.  We do this with our SVN server, but by publishing the source.zip
> on a shared netapp storage device, anybody can go to the network share and
> browse into these source zip files.  This essentially gives everybody access
> to all source code.
>
> So my question is if there is a way to have secured dependency artifacts?
>  Can we have all artifacts be readable but then have the source.zip require
> a username and password before it downloads with a resolve/retrieve?  Even
> if this were possible, we would still need to keep the shared netapp storage
> device readable by everybody so that they could successfully download
> dependencies other than the source zip files.
>
> Any ideas?  Perhaps use the svnivy plugin and store our repository
> artifacts inside SVN which has authentication options to protect against
> what is accessible??


You can easily split your repository and put your source zips on svn instead
of your netapp (using a chain resolver for the artifact resolution). Using
svn security feature you'll have something secure. The problem I see with
this is that if someone asks the source artifact of a module on which he
doesn't have access, you will have a failure. Maybe it's not a problem, I
don't know how you say you want the source artifacts, but if set on flag to
get all source artifacts transitively, it may be a problem.

Xavier


>
>
> ---
> Shawn Castrianni
>
> ----------------------------------------------------------------------
> This e-mail, including any attached files, may contain confidential and
> privileged information for the sole use of the intended recipient.  Any
> review, use, distribution, or disclosure by others is strictly prohibited.
>  If you are not the intended recipient (or authorized to receive information
> for the intended recipient), please contact the sender by reply e-mail and
> delete all copies of this message.




-- 
Xavier Hanin - Independent Java Consultant
http://xhab.blogspot.com/
http://ant.apache.org/ivy/
http://www.xoocode.org/

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message