[OOTB-hive] [INFRA][GOV] OOTBee access / publication to Maven Central

Axel Faust axel.faust.g at googlemail.com
Sun Oct 23 20:28:43 BST 2016 

Hello,

partially in regards to my other mail on the list about "OOTBee owned
projects" I would like to bring up the issue of publishing OOTBee artifacts
on Maven Central. Granted we could always require people to use any
artifact repository we provide / host ourselves, but any artifacts we
provide via Maven Central would be that much easier to use by community
members (think e.g. about repository proxies).

Specifically the following points would need to be adressed:

   - Signup / Registration at http://issues.sonatype.org
   - Needed to claim ownership of group ID "org.orderofthebee" or any
      subordinate ID
      - => May have to prove ownership of domain orderofthebee.org with
      receipt from domain provider / match with registrar contact details
      - Needed to be granted staging / deployment access
      - Suggest a generic OOTBee service user using a dedicated OOTBee mail
      address (isolated from personal accounts and easier to manage /
pass on as
      responsibilities within OOTBee change)
   - Delegation of responsibility
      - Access for staging / deployment can be allowed for additional
      accounts on a per-group-ID basis
      - Suggest use of distinct group IDs per committee or project, e.g.
      "org.orderofthebee.addons" for ADDONS or
"org.orderofthebee.addons.support.tools"
      for a specific "Support Tools" project (per-project group ID is generally
      recommended by Sonatype)
      - Project group ID access could be shared with personal account of
      responsible member(s)
      - Committee group ID access could be shared with a generic OOTBee
      committee chair user
   - Alternative to "delegation": centralise staging / deployment
      - Automated process via OOTBee infrastructure, e.g. Jenkins
      - Account details (Sonatype user credentials and GPG keys hidden,
      managed by INFRA + GOV)


This is primarily a question about responsibility and manageable access
with limited chance of abuse by an individual.

Personally I would like to publish the Support Tools project to Maven
Central. If we don't want to handle the aspects above then we'd always be
restricted to our own infrastructure, or even prevent the concept of
OOTBee-owned projects as this would force devs to not put projects into a
OOTBee namespace if they want it to be easily available.

Please share your toughts on this.


Regards

Axel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.xtreamlab.net/pipermail/ootb-hive/attachments/20161023/e8aeb93f/attachment.html>

More information about the OOTB-hive mailing list