To replace Artifactory, Nexus, etc (as claimed at the start of the readme) authentication is an important component.
Right now Artipie appears to support credentials stored in a flat file, or integration with GitHub. There’s an open issue[0] that makes it sound like LDAP integration is in progress, but the only comment of substance is “you should donate to make this happen faster.”
That’s somewhat unfortunate, because it’d be nice to have some idea of the current progress on the issue beforehand.
General observation, not necessarily related to this project:
It's rather unfortunate that federated identity is always an afterthought instead of the default. Every new project could have been using OpenID Connect instead of rolling their own authentication. I really wish web frameworks pushed for this.
I suppose some of the blame lies with the identity providers. So many of them use a custom OAuth protocol instead of OIDC, which shifts the burden to the developers. Adding a new IdP should be as simple as adding a new trusted URL, instead it's often integrating a new SDK.
What's the point of that? You can't fully resurrect all artifacts ever or you'll waste a day downloading until you run out of disk space, so all you get is the pointer files. At which point you could just as well store a the hash of something in an object store, without LFS.
Keep it up! There's is definitely room for challenging the incumbents. Besides authentication I'm looking for Maven mirror functionality and vulnerability scanning in an enterprise setting.
They are claiming "quality of Java code is extraordinary high". It is not even merely "good": Here is looking at you, dear misnamed and all over the place "Slice" flavors.
thinkmassive|5 years ago
Right now Artipie appears to support credentials stored in a flat file, or integration with GitHub. There’s an open issue[0] that makes it sound like LDAP integration is in progress, but the only comment of substance is “you should donate to make this happen faster.”
That’s somewhat unfortunate, because it’d be nice to have some idea of the current progress on the issue beforehand.
[0] https://github.com/artipie/artipie/issues/24
l3s2d|5 years ago
It's rather unfortunate that federated identity is always an afterthought instead of the default. Every new project could have been using OpenID Connect instead of rolling their own authentication. I really wish web frameworks pushed for this.
I suppose some of the blame lies with the identity providers. So many of them use a custom OAuth protocol instead of OIDC, which shifts the burden to the developers. Adding a new IdP should be as simple as adding a new trusted URL, instead it's often integrating a new SDK.
hkt|5 years ago
imglorp|5 years ago
You can stash just about any binary, versioned, and control if it appears in your repo or just a little pointer file.
yencabulator|5 years ago
varikin|5 years ago
| It can host the data in the file system, Amazon S3, Google Cloud, HuaweiCloud OBS etc.
and
| For now, we support two storage types: file system and S3 storages.
Along with lack of LDAP or federated login, it doesn't seem ready to try or recommend yet.
Karliss|5 years ago
tofflos|5 years ago
roel_v|5 years ago
colechristensen|5 years ago
debarshri|5 years ago
eternalban|5 years ago
They are claiming "quality of Java code is extraordinary high". It is not even merely "good": Here is looking at you, dear misnamed and all over the place "Slice" flavors.
hwc|5 years ago
https://gist.github.com/HalCanary/9abb045bf047da118c2467266b...