by weinzierl
3695 days ago
Sorry for pestering again but I think this is kind of important and I haven't made myself entirely clear yet (English is not my first language).

In Maven the repo URL is configurable in settings.xml. This URL can be different for different departments or even different projects. From what I see in the cargo source the crates.io URL is hard coded. So the DNS is the only level of redirection we have. Using varying IP addresses for crates.io for different departments or even projects wouldn't fly, at least not in the world I live in.

> ignore the broader OSS ecosystem

It's not about that either because the commercial repos contain very much the same OSS packages as the standard repo but don't present all of them to everyone all the time.

Take for example a car company: GPL3 for in-house projects that are just used by the employees is discouraged but somewhat tolerated. GPL3 for projects that run in the car is a big, big no-no. You want to be certain that no dev ever introduces GPL3 source into anything that is in the car. You want your build to fail if any of your packages change their license to GPL3. You want your build to fail if any of your packages has a known vulnerability.

I know Cargo is not Maven, but I believe this is a feature which is crucial for industry adoption. I think I will just add a feature request for this on GitHub.
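Added example, not part of the comment above and not Cargo's own code: a build-time license gate of the kind the car-company scenario asks for. The function names, the `DENIED` policy and the sample data (constructed, shaped like the `packages` array that `cargo metadata --format-version 1` prints) are assumptions; the gate treats a missing or malformed license field as a failure.

```python
import re

DENIED = ("GPL-3.0",)  # assumed policy; the prefix also covers -only, -or-later and +

def license_allowed(expr, denied=DENIED):
    """True if the SPDX expression can be satisfied without a denied license."""
    # Older crates separate alternatives with "/", read here as OR.
    toks = re.findall(r"\(|\)|[^\s()]+", expr.replace("/", " OR "))
    def peek():
        return toks[0].upper() if toks else None
    def parse_or():    # OR: the licensee may pick any acceptable alternative
        ok = parse_and()
        while peek() == "OR":
            toks.pop(0)
            ok = parse_and() or ok
        return ok
    def parse_and():   # AND: every operand applies, so all must be acceptable
        ok = parse_atom()
        while peek() == "AND":
            toks.pop(0)
            ok = parse_atom() and ok
        return ok
    def parse_atom():
        if peek() == "(":
            toks.pop(0)
            ok = parse_or()
            if toks.pop(0) != ")": raise IndexError("unbalanced parenthesis")
            return ok
        name = toks.pop(0)
        if peek() == "WITH":   # an exception clause keeps the base license
            toks.pop(0)
            toks.pop(0)
        return not name.upper().startswith(denied)
    try:
        return parse_or() and not toks   # leftover tokens: malformed, fail closed
    except IndexError:
        return False

def violations(metadata):
    """List 'name version: license' for every package that fails the policy."""
    return [f'{p["name"]} {p["version"]}: {p.get("license") or "no license field"}'
            for p in metadata["packages"]
            if not p.get("license") or not license_allowed(p["license"])]

SAMPLE = {"packages": [  # constructed sample data, not real crates
    {"name": "alpha", "version": "1.0.0", "license": "MIT/Apache-2.0"},
    {"name": "beta", "version": "0.3.1", "license": "MIT OR GPL-3.0-or-later"},
    {"name": "gamma", "version": "2.1.0", "license": "(MIT AND GPL-3.0-only) OR GPL-3.0+"},
    {"name": "delta", "version": "0.1.0", "license": None}]}
```

A CI step would pass the parsed `cargo metadata` JSON to `violations()` and exit non-zero when the list is not empty.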
TL;DR:
and you're good. Ahh yeah. What I mean is, you'd have to set up the packages in that registry yourself. Which sounds like what they'd want to do, so seems fine.