FAQ

-----Original Message-----
From: Brett Porter
Sent: Friday, September 26, 2003 8:56 AM
To: 'Maven Users List'
Subject: RE: Corporate constructive criticism

I think you are assuming a lot about a typical corporate
environment
:) I would think most have separate networks and machines for
building, deploying, developing, and they have to get
around either by
ftp or ssh. Both are available in the aritfact plugin, as well as
file.
Obviously you work for companies with lots of money. I would
suggest that there are more places around the 100 developer
mark than the 1000 developer mark. And the smaller ones don't
have dedicated networks for building and deploying!
HAHAHAHHAHHAAAA! Sorry, that shouldn't be funny. We're about 10 developers
using Maven, but the company has many different subnets, firewalls and so
on. I expect most people have their production environments not
in the same
place as their development for security reasons...
Anyway, they're not dedicated, just separate.
Anyway, if the artifact plugin is the solution, thats great,
although it is unclear from the docs as to how that plugin is
to be used. I assume the idea is that it works behind the
scenes, defining the communication stuff and called by other
targets....
Yep. And artifact is one thing I hope to get rounded out (or find
out where
Michal was up to) before 1.0.
Well code in artifact plugin is quite functional.
There is one serious problem with it:
passwords, private key passphrases etc. probably shouldn't be kept in
properties files.

If we can live with the fact that they are kept as open text -
artifact plugin can be widely used.

Note that for HTTP, FTP, are highly insecure
Proxy server authentication is also not reliable from this point of view.

So what I did doesn't introduce substantial decrease of security in case of
those protocols.
Protocols from SSH family: SCP, SFTP can be used with key based
authentication and with or without
passphrase protection of keys.

For intranet repositories probably such "illusion" of security is probably
sufficient.

The truth is: either deployment of artifact will be secure or easy (read:
can be fully automated).
I am afraid those two things are not going well together. That is what
stopped me.

I tried also to walk other path: deploy operation can be delegated to shell
scripts
or generally to external programs. I don't have much experience in
windows/unix scripting and I didn't come
to nice/utilizable solution.
If somebody wish to help with this - that could be an alternative.


On windows WevDav shared folders can be visible as local folders
On Unix ftp, http(?), other(?) can be mounted to local file system.
Therefore file:// protocol can be more useful then it seems...

When Maven will work in client server mode those things can be solved in
different way.

Michal

P.S.
I am currently working on component based library which facilities both
deploy and fetch operations.
It's quite usable already, but I won't use it in maven before 1.0 is out
(unless something unexpected happens :)).
The Code and ... conception still needs some testing.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 8 of 14 | next ›
Discussion Overview
groupusers @
categoriesmaven
postedSep 25, '03 at 9:05p
activeOct 7, '03 at 10:46p
posts14
users7
websitemaven.apache.org
irc#maven

People

Translate

site design / logo © 2021 Grokbase