On Thu, Apr 24, 2008 at 10:05 PM, Shawn Castrianni < Shawn.Castrianni@halliburton.com> wrote: > Currently we have an ivy repository that is within our corporate firewall > on a shared Netapp storage device. It is constantly being added to as each > continuous build publishes its latest version. In the past as part of the > ANT build, we would zip up the source code used to produce each build and > publish it as an artifact along with the build. This is useful for when > developers working on modules high up in the dependency chain need to debug > down to a dependent module inside their IDE. Having the source zip files > gives them the source code to debug into. > > This is working great, but here comes a new corporate policy. We have to > increase the security of our source code and closely monitor who has access > to what. We do this with our SVN server, but by publishing the source.zip > on a shared netapp storage device, anybody can go to the network share and > browse into these source zip files. This essentially gives everybody access > to all source code. > > So my question is if there is a way to have secured dependency artifacts? > Can we have all artifacts be readable but then have the source.zip require > a username and password before it downloads with a resolve/retrieve? Even > if this were possible, we would still need to keep the shared netapp storage > device readable by everybody so that they could successfully download > dependencies other than the source zip files. > > Any ideas? Perhaps use the svnivy plugin and store our repository > artifacts inside SVN which has authentication options to protect against > what is accessible?? You can easily split your repository and put your source zips on svn instead of your netapp (using a chain resolver for the artifact resolution). Using svn security feature you'll have something secure. The problem I see with this is that if someone asks the source artifact of a module on which he doesn't have access, you will have a failure. Maybe it's not a problem, I don't know how you say you want the source artifacts, but if set on flag to get all source artifacts transitively, it may be a problem. Xavier > > > --- > Shawn Castrianni > > ---------------------------------------------------------------------- > This e-mail, including any attached files, may contain confidential and > privileged information for the sole use of the intended recipient. Any > review, use, distribution, or disclosure by others is strictly prohibited. > If you are not the intended recipient (or authorized to receive information > for the intended recipient), please contact the sender by reply e-mail and > delete all copies of this message. -- Xavier Hanin - Independent Java Consultant http://xhab.blogspot.com/ http://ant.apache.org/ivy/ http://www.xoocode.org/