
It's fairly easy to set up a local server containing all your jars and still use maven or ivy. I do that at my current employer.



We use a local repo as well (it's easy to set up) and so this type of security is not something we even think about. If we are adding/version changing dependencies we just have to put a little more work into making sure the jar that goes to our local repo is good, but that doesn't happen every day. Of course when prototyping or just playing around this could become an issue...


But in that case why maintain two separate repositories? One for "our code" and one for external. I'm assuming the code in these repositories is open source... right? Why not simply check in the version to be used right in your local SCM?


There are a bunch of different SCMs. It's nice to decouple "hold released builds at specific versions" from your general development repository.



