You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@archiva.apache.org by Deng Ching <oc...@apache.org> on 2010/03/29 06:40:43 UTC
MRM-1021 Staging repositories (WAS: GSoC projects?)
Moving the discussion to a separate thread for easier tracking..
This was the Eshan's query:
On Mon, Mar 29, 2010 at 11:44 AM, eshan sudharaka <esudharaka@gmail.com
>wrote:
>
> hi,
> As i understood subversion(SVN) already has this feature.Cant we use same
> concept(svn) on top of archiva to get that thing done?
> thank you.
>
> eshan sudharaka
>
>
And these were James' and Wendy's reply:
On Mon, Mar 29, 2010 at 9:22 AM, Wendy Smoak <ws...@gmail.com> wrote:
> On Sun, Mar 28, 2010 at 8:47 PM, James Dumay <jd...@atlassian.com> wrote:
> > It would be amazing if we could back the entire application onto
> something
> > like git or mercurial (including artifacts and metadata) so that we could
> > have VCS-like auditing abilities. No Maven repository I am aware of can
> deal
> > with versioning yet.
>
> I believe the Nexus guys tried it (with svn) and said it was just too
> slow. Subversion, at least, isn't optimized for dealing with large
> binary files.
>
> Since artifacts don't change after they are deployed, I don't see much
> benefit of putting them under version control. (And often a Maven
> conversion involves getting jars *out* of the version control system.
> :) )
>
> Archiva has audit logs... perhaps improving those and providing
> whatever search/reporting is missing would be a better way to go?
>
>
+1
With the recent changes in the repository API and the addition of the
repository content model, I think it is easier to track the changes in the
repository now.
Currently, the audit logs report only shows artifact upload actions. So if
we're going to go with this approach, the repository merge action would need
to be audited. And probably also
note in the audit events if the repository the artifact was deployed to is
just a staging repository or a regular repository?
Here are some of the things that I also think needs to be considered for
MRM-1021:
- creation of the staging repository (should it be distinguished and how
will it be distinguished it from a regular repository?)
- merging of the staged artifacts to the final repository
- deletion of the staging repository (should Archiva do this after the
merging? or should the user manually delete it?)
- security (who will be able to promote artifacts? will the granting of
access to the staging repo be just the same as what is currently
implemented? or will batch assignment of permissions to a group/set of users
be supported?)
Thanks,
Deng