Return-Path: Delivered-To: apmail-ant-ivy-user-archive@www.apache.org Received: (qmail 43048 invoked from network); 6 Apr 2011 18:44:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 6 Apr 2011 18:44:55 -0000 Received: (qmail 21729 invoked by uid 500); 6 Apr 2011 18:44:54 -0000 Delivered-To: apmail-ant-ivy-user-archive@ant.apache.org Received: (qmail 21694 invoked by uid 500); 6 Apr 2011 18:44:54 -0000 Mailing-List: contact ivy-user-help@ant.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ivy-user@ant.apache.org Delivered-To: mailing list ivy-user@ant.apache.org Received: (qmail 21686 invoked by uid 99); 6 Apr 2011 18:44:54 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Apr 2011 18:44:54 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of Kfiles@masergy.com designates 64.47.5.26 as permitted sender) Received: from [64.47.5.26] (HELO SMTP2.MASERGY.COM) (64.47.5.26) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Apr 2011 18:44:48 +0000 Received: from MTXHUB2.add0.masergy.com (10.20.1.170) by SMTP2.MASERGY.COM (64.47.5.26) with Microsoft SMTP Server (TLS) id 8.3.137.0; Wed, 6 Apr 2011 13:44:18 -0500 Received: from [64.47.104.72] (64.47.104.72) by smtp.masergy.com (10.20.1.175) with Microsoft SMTP Server id 8.3.137.0; Wed, 6 Apr 2011 13:44:26 -0500 Message-ID: <4D9CB489.10209@masergy.com> Date: Wed, 6 Apr 2011 14:44:25 -0400 From: Kirby Files User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8 MIME-Version: 1.0 To: "ivy-user@ant.apache.org" CC: Shawn Castrianni Subject: Re: IVY design opinion References: In-Reply-To: Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit Do you have an objection to using an http resolver or ftp resolver? Both of these could be used with authentication, supplying ant user.name in a property. Not sure if you require actual secure authentication, or just username. Either of these resolvers could also share the same filesystem with your private filesystem resolver, which could be restricted to be used only on build systems. Both the web server and ftp server would give you a good audit trail. You can use either a URL resolver or VFS resolver to access HTTP and FTP. Thanks, --- Kirby Files Software Engineer Masergy Communications kfiles@masergy.com Shawn Castrianni wrote on 04/06/2011 02:07 PM: > I have been using IVY for 3 years now and love it. I use the filesystem resolver to get dependencies that I publish from my own builds and the svn resolver to get thirdparty dependencies that I have downloaded from the internet and manually checked in. My company wants to be very strict on thirdparty dependencies so that is why we get them from a controlled SVN repository and not straight from the Internet using ibiblio or whatever. > > Anyway, I was recently given a new requirement. I must track and trace all dependency downloads within the company so that I can produce an audit log when asked any time in the future. This audit log would contain the date/time and artifacts downloaded by a given user. > > I have been thinking on how to implement this and here are my thoughts: > > 1. Turn off read access on the filer server where the filesystem resolver is getting dependencies from so no one can bypass the auditing and grab artifacts directly. Setup a special user with read credentials to the file server that only the ANT/IVY scripts know about. Add custom ANT code to my master build script so that it captures the ivy resolve/retrieve log and sends it to some audit log storage server anytime a user runs the dependency command. > > 2. Move all of my published artifacts currently on the file server to SVN (similar to the thirdparty SVN repo described above). Change my filesystem resolver to an SVN resolver. Then any user running the dependency command will be pulling artifacts from SVN. I can then just use the SVN server logs as an audit trail. However, I worry about using SVN for hundreds of Gigabytes of data as an IVY dependency artifact repository. We produce about 4GB of data per day. Imagine how big the SVN repo would get after a year. With the current file server approach, we remove dependency artifacts older than a week to avoid this data accumulation problem. > > 3. Make my own custom IVY resolver that has audit trail support that can still use a filesystem. This is essentially the same as option #1 but the auditing is done in Java code as part of the custom IVY resolver instead of ANT code in the master build script. > > > Anybody out there have any opinions or suggestions? > > --- > Shawn Castrianni > > ---------------------------------------------------------------------- > This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution, or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message.