You are viewing a plain text version of this content. The canonical link for it is here.
Posted to ivy-user@ant.apache.org by Michael Laccetti <mi...@s2g.ca> on 2008/04/25 01:04:49 UTC

RE: secure dependency artefacts

Is this an Ivy-specific issue?  Why not just require some credentials to
access both the SVN repository and the artefact repository?  Or am I missing
something?

Mike

> -----Original Message-----
> From: Shawn Castrianni [mailto:Shawn.Castrianni@halliburton.com]
> Sent: April 24, 2008 5:21 PM
> To: 'ivy-user@ant.apache.org'
> Subject: RE: secure dependency artifacts
> 
> How would all the developers unencrypt it?  They each have their own
> credentials with their own passwords.  What I am trying to achieve is
> for only the developers that have access to the source code in the
> Subversion repository to be able to see the src.zip when they do a
> resolve/retrieve.  That way nobody is getting access to source code
> that they don't already have with Subversion.
> 
> ---
> Shawn Castrianni
> 
> -----Original Message-----
> From: Niklas Matthies [mailto:ml_ivy-user@nmhq.net]
> Sent: Thursday, April 24, 2008 3:36 PM
> To: ivy-user@ant.apache.org
> Subject: Re: secure dependency artifacts
> 
> On Thu 2008-04-24 at 15:05h, Shawn Castrianni wrote on ivy-user:
> :
> > This is working great, but here comes a new corporate policy.
> > We have to increase the security of our source code and closely
> > monitor who has access to what.  We do this with our SVN server, but
> > by publishing the source.zip on a shared netapp storage device,
> > anybody can go to the network share and browse into these source zip
> > files. This essentially gives everybody access to all source code.
> 
> Why not just encrypt the source zip using something like PGP?
> That would be both simplest and safest.
> 
> -- Niklas Matthies
> 
> ----------------------------------------------------------------------
> This e-mail, including any attached files, may contain confidential and
> privileged information for the sole use of the intended recipient.  Any
> review, use, distribution, or disclosure by others is strictly
> prohibited.  If you are not the intended recipient (or authorized to
> receive information for the intended recipient), please contact the
> sender by reply e-mail and delete all copies of this message.