@darius my understanding is that we proxy everything in maven central (usually that doesn’t mean it’s a full copy, it’s either a pass through or lazy download).
@mogoodrich I absolutely don’t want to revoke PIH write access out of the blue. Even if you had PIH-specific modules deployed somewhere else, you can still retain the user account on our jfrog account to aid with core releases and so on.
Not that I understand exactly what are all the problems we are solving with our maven repo, but addons helps to make a module available for others.
But during development they might have a module that depends on other module/api. That’s a problem that only a maven repository can help.
We also have distributions wars in maven repo, which I don’t know if they are useful during development.
@burke, I believe that only open source apps can be deployed to maven central (same as bintray). So open sources could have free maven storage, but not proprietary.
I suppose we can investigate how hard it would be for an implementation to start releasing their things to bintray (including if development gets more complicated). @makombe, would it be a viable solution for you?
For the modules that are already there, I’m thinking of creating a new repository in mavenrep.o.o, one per group. Let’s say, modules-pih, modules-emruganda, and so one. So the CI user (only) for those groups would be limited to that specific repo. Human users would continue to be able to modify everything.
With a little bit of coordination, I think this would be achievable by the end of the year. It would also pave the way for when/if it gets migrated somewhere else.
And improves security overall as a bonus.