You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by david_ <me...@gmail.com> on 2010/08/04 15:34:45 UTC
prevent maven from downloading dependencies from repositories
configured in dependencies
Hi
I want to prevent maven from downloading dependencies from the repositories
that are configured in pom.xml files. Maven should only use the repository
configured in the settings.xml of maven.
We have a corporate repository for all jar files, but it is possible that a
pom.xml holds configuration for downloading his dependencies from other
url's. This needs to be prevented.
Is this possible?
--
View this message in context: http://maven.40175.n5.nabble.com/prevent-maven-from-downloading-dependencies-from-repositories-configured-in-dependencies-tp2264088p2264088.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: prevent maven from downloading dependencies from repositories
configured in dependencies
Posted by Ron Wheeler <rw...@artifact-software.com>.
On 04/08/2010 9:34 AM, david_ wrote:
> Hi
>
> I want to prevent maven from downloading dependencies from the repositories
> that are configured in pom.xml files. Maven should only use the repository
> configured in the settings.xml of maven.
>
> We have a corporate repository for all jar files, but it is possible that a
> pom.xml holds configuration for downloading his dependencies from other
> url's. This needs to be prevented.
>
> Is this possible?
How determined are your developers to circumvent this policy?
Do you have to assume that they will take deliberate steps to get around
this restriction?
Shutting off Internet access for developers will do this nicely. Has
some negative points!
We have removed all repository references from all POMs except for
deployment which is held in the parent POM and, of course, it points to
our repo.
This still leaves the settings.xml file as a point of vulnerability but
at least you can track bad behaviour to an individual person.
Our standard setting.xml sets our repository as a mirror for every other
repo in the world so the only repos that get referenced are the ones set
up in Nexus which is under my control.
Not a complete guarantee that someone might modify their settings.xml
but that would be a serious breach of policy and would be dealt with
administratively.
There is no practical reason for someone to do this so there would be
some "splainin" to do. (I love Lucy reference)
Ron
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: prevent maven from downloading dependencies from repositories
configured in dependencies
Posted by Justin Edelson <ju...@justinedelson.com>.
<mirrors>
<mirror>
<id>your-repo</id>
<url>http://repomanager/</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
Will cause all depedencies to be resolved from the mirror, regardless
of any repositories defined in the poms.
Justin
On Wed, Aug 4, 2010 at 9:34 AM, david_ <me...@gmail.com> wrote:
>
> Hi
>
> I want to prevent maven from downloading dependencies from the repositories
> that are configured in pom.xml files. Maven should only use the repository
> configured in the settings.xml of maven.
>
> We have a corporate repository for all jar files, but it is possible that a
> pom.xml holds configuration for downloading his dependencies from other
> url's. This needs to be prevented.
>
> Is this possible?
> --
> View this message in context: http://maven.40175.n5.nabble.com/prevent-maven-from-downloading-dependencies-from-repositories-configured-in-dependencies-tp2264088p2264088.html
> Sent from the Maven - Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org