Return-Path: Delivered-To: apmail-ant-ivy-user-archive@www.apache.org Received: (qmail 40301 invoked from network); 6 Apr 2011 18:07:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 6 Apr 2011 18:07:41 -0000 Received: (qmail 51634 invoked by uid 500); 6 Apr 2011 18:07:40 -0000 Delivered-To: apmail-ant-ivy-user-archive@ant.apache.org Received: (qmail 51608 invoked by uid 500); 6 Apr 2011 18:07:40 -0000 Mailing-List: contact ivy-user-help@ant.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ivy-user@ant.apache.org Delivered-To: mailing list ivy-user@ant.apache.org Received: (qmail 51600 invoked by uid 99); 6 Apr 2011 18:07:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Apr 2011 18:07:40 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of prvs=70777d0fdf=shawn.castrianni@halliburton.com designates 67.231.152.145 as permitted sender) Received: from [67.231.152.145] (HELO mx0b-0000bf01.pphosted.com) (67.231.152.145) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Apr 2011 18:07:30 +0000 Received: from pps.filterd (m0003034 [127.0.0.1]) by mx0b-0000bf01.pphosted.com (8.14.3/8.14.3) with SMTP id p36I2daF022331 for ; Wed, 6 Apr 2011 11:07:08 -0700 Received: from np1exhu010.corp.halliburton.com ([34.254.247.190]) by mx0b-0000bf01.pphosted.com with ESMTP id vgvpwr6ej-13 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for ; Wed, 06 Apr 2011 11:07:08 -0700 Received: from NP1EXMB012.corp.halliburton.com ([34.34.134.18]) by NP1EXHU010.corp.halliburton.com ([34.34.132.66]) with mapi; Wed, 6 Apr 2011 13:07:01 -0500 From: Shawn Castrianni To: "ivy-user@ant.apache.org" Date: Wed, 6 Apr 2011 13:07:00 -0500 Subject: IVY design opinion Thread-Topic: IVY design opinion Thread-Index: Acv0gnMoC7UwzQJBTDmO1zoyrs1+9A== Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_FC28BDC007C04141969BD4EAAFEC60F129B2FB8F34NP1EXMB012cor_" MIME-Version: 1.0 X-HALSTAMP: TRUE X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15,1.0.148,0.0.0000 definitions=2011-04-06_05:2011-04-06,2011-04-06,1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=1 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1012030000 definitions=main-1104060099 X-Virus-Checked: Checked by ClamAV on apache.org --_000_FC28BDC007C04141969BD4EAAFEC60F129B2FB8F34NP1EXMB012cor_ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="ISO-8859-1" I have been using IVY for 3 years now and love it. I use the filesystem re= solver to get dependencies that I publish from my own builds and the svn re= solver to get thirdparty dependencies that I have downloaded from the inter= net and manually checked in. My company wants to be very strict on thirdpa= rty dependencies so that is why we get them from a controlled SVN repositor= y and not straight from the Internet using ibiblio or whatever. Anyway, I was recently given a new requirement. I must track and trace all= dependency downloads within the company so that I can produce an audit log= when asked any time in the future. This audit log would contain the date/= time and artifacts downloaded by a given user. I have been thinking on how to implement this and here are my thoughts: 1. Turn off read access on the filer server where the filesystem reso= lver is getting dependencies from so no one can bypass the auditing and gra= b artifacts directly. Setup a special user with read credentials to the fi= le server that only the ANT/IVY scripts know about. Add custom ANT code to= my master build script so that it captures the ivy resolve/retrieve log an= d sends it to some audit log storage server anytime a user runs the depende= ncy command. 2. Move all of my published artifacts currently on the file server to= SVN (similar to the thirdparty SVN repo described above). Change my files= ystem resolver to an SVN resolver. Then any user running the dependency co= mmand will be pulling artifacts from SVN. I can then just use the SVN serv= er logs as an audit trail. However, I worry about using SVN for hundreds o= f Gigabytes of data as an IVY dependency artifact repository. We produce a= bout 4GB of data per day. Imagine how big the SVN repo would get after a y= ear. With the current file server approach, we remove dependency artifacts= older than a week to avoid this data accumulation problem. 3. Make my own custom IVY resolver that has audit trail support that = can still use a filesystem. This is essentially the same as option #1 but = the auditing is done in Java code as part of the custom IVY resolver instea= d of ANT code in the master build script. Anybody out there have any opinions or suggestions? --- Shawn Castrianni ---------------------------------------------------------------------- This e-mail, including any attached files, may contain confidential and pri= vileged information for the sole use of the intended recipient. Any review= , use, distribution, or disclosure by others is strictly prohibited. If yo= u are not the intended recipient (or authorized to receive information for = the intended recipient), please contact the sender by reply e-mail and dele= te all copies of this message. --_000_FC28BDC007C04141969BD4EAAFEC60F129B2FB8F34NP1EXMB012cor_--