Approved versions

[solo1970 <so...@ericsson.com>]

Hello All,

I have another issue (we are ccurently putting in place a process, does it
show? ;o) )

Any of the third-party products used to produce our software need to be
approved by a special departement.  Is there any way to ensure that the
third-party products we use for "official" releases have all been approved?
(like a keyword or setting)....

Sonia
-- 
View this message in context: http://www.nabble.com/Approved-versions-tp20800313p20800313.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: Approved versions

[solo1970 <so...@ericsson.com>]

Hello,

For builds going to the testing group, it would be somewhat of an audit
report, some kind of warning mecanism that there are unapproved thrid party
products used in the build.

For "official" releases this can definitely viewed as a build time
failure...

But you are right, this business of approved/unapproved software is quite
tricky and is not necessarily straightforward.  

Thanks for the info

Sonia


Wendy Smoak-3 wrote:
> 
> On Tue, Dec 2, 2008 at 1:33 PM, solo1970
> <so...@ericsson.com> wrote:
> 
>> Any of the third-party products used to produce our software need to be
>> approved by a special departement.  Is there any way to ensure that the
>> third-party products we use for "official" releases have all been
>> approved?
>> (like a keyword or setting)....
> 
> There's nothing currently in Archiva to handle this, though depending
> on what you need, that might not be necessary.  For example, you could
> deploy additional metadata beside the artifact to describe the
> approvals.  Do you see it as a build-time failure if a team uses an
> unapproved artifact, or would you want an audit report after the fact?
> 
> From experience with this problem... unless you have a very simple
> governance model, it's not a binary "approved" or "not approved"
> forever decision.  An artifact might be approved for use by one team
> and not another.  And approvals may have a time span, after which they
> expire.
> 
> (Also, you might want to look at Palamida's products, this is one of
> the things they do.)
> 
> -- 
> Wendy
> 
> 

-- 
View this message in context: http://www.nabble.com/Approved-versions-tp20800313p20813416.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: Approved versions

[Wendy Smoak <ws...@gmail.com>]

On Tue, Dec 2, 2008 at 1:33 PM, solo1970
<so...@ericsson.com> wrote:

> Any of the third-party products used to produce our software need to be
> approved by a special departement.  Is there any way to ensure that the
> third-party products we use for "official" releases have all been approved?
> (like a keyword or setting)....

There's nothing currently in Archiva to handle this, though depending
on what you need, that might not be necessary.  For example, you could
deploy additional metadata beside the artifact to describe the
approvals.  Do you see it as a build-time failure if a team uses an
unapproved artifact, or would you want an audit report after the fact?

>From experience with this problem... unless you have a very simple
governance model, it's not a binary "approved" or "not approved"
forever decision.  An artifact might be approved for use by one team
and not another.  And approvals may have a time span, after which they
expire.

(Also, you might want to look at Palamida's products, this is one of
the things they do.)

-- 
Wendy