Mailing-List: contact repository-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: repository@apache.org
Received-SPF: pass (asf.osuosl.org: domain of brett.porter@gmail.com
 designates 66.249.92.174 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=cvD/myDJzMNJgK7qm5yP8yWeLoI1qvyHQ6GsJ76SinhAZfvrZ3MZPOpEljYxfmlSp+78p0C6YjYQVNffnGr487dbfRaJMce+upNaj0aw0peOBtthEPyvOENRBaVGmUykO+mhBqoUKwO6yD50dQ45nGpHcASrVehhD5LZkDlQL0o=
Message-ID: <9e3862d80606070012g1127eecao74d3b36c7a8b80f7@mail.gmail.com>
Date: Wed, 7 Jun 2006 17:12:46 +1000
From: "Brett Porter" <brett.porter@gmail.com>
To: repository@apache.org
Subject: Re: [Plan of action] Setting up an official maven repository for the
 ASF
In-Reply-To: <31cc37360606062345n4a1dcd8eq1a5277590b858c33@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <447BE319.90506@apache.org>
	 <31cc37360606062345n4a1dcd8eq1a5277590b858c33@mail.gmail.com>

Thanks Hen, good start. I somehow missed Stefano's message.

http://maven.apache.org/repository-manager/ has tools that should
cover the majority of what you have here so far. It's getting much
closer to being functional enough to use.

We should move to use WebDAV for deployment.

But I'll dig up those requirements before I jump at the rest of the details.

- Brett

On 07/06/06, Henri Yandell <flamefew@gmail.com> wrote:
> Nothing from Brett yet, so braindump from me.
>
> Two classes of repository - m1 and m2. We should focus on short-term
> goals for the m1 one and long-term for the m2 one.
>
> Some goals:
>
> * Development ease. It should not take forever to get a dependency deployed.
> * Authentic. PGP .asc files for each release.
> * Official. Projects should know their code is being placed in the repository.
> * Oversight. People shouldn't be deploying jars randomly.
> * Complete. Javadoc, Source and Binary jars.
> * Stable. Files should not be easy to change.
>
> Multiple repositories are needed:
>
> * ASF Release Repository.
> * ASF Snapshot Repository. Deployed to from CI.
> * ASF Development Repository. May contain 3rd party jars and manual snapshots.
>
> Some random ideas:
>
> * Monitoring. Have a script that mails this list when something is
> added to the release or development repositories. Much like a cvs
> commit in another project.
>
> * Tighten things up in a staggered way. Every couple of months we can
> enforce something new. ie) All non-PGP signed jars will be removed by
> X.
>
> * Pull the Maven repositories out of the mirroring system. It's
> unnecessary. With the rsync being down atm, there's not a lot of
> reason to avoid it. In fact, rm the ones in the maven repos and move
> the ones in archive.apache to repo.apache.org. Need various
> repo.apache.org directory names.
>
> Hen
>
> On 5/29/06, Stefano Mazzocchi <stefano@apache.org> wrote:
> > So, following up on my board@ message, here we should start to work on a
> > plan of action for setting up an official maven repository for the ASF
> > that would meet both board's legal concerns and infra's
> > technical/security concerns and general social feasibility concerns.
> >
> > I know Brett has been thinking about this a lot so I'll leave the
> > microphone to him to start.
> >
> > Let's rock.
> >
> > --
> > Stefano.
> >
> >
>


-- 
Apache Maven - http://maven.apache.org
"Better Builds with Maven" book - http://library.mergere.com/