We have been looking into Artifact repositories in the last couple of months, which should solve a couple of issues / problems that we had or expect.
– We experienced failed builds due to throtteling with Docker hub
– We would like to have better control of used packages, especially in the NPM area everything seems to be a bit “inconsistent”
– We are also playing with the thought of creating deb and rpm packages for easier distribution and update capabilities.
– We also would like to have a way to restrict access for some packages.
According to our investigation it looks like there are currently two options:
– JFrog Artifactory
– Sonatype Nexus
Both have so called OSS versions, which offer reduced functionality for free.
Artifactory’s OSS version does sadly not offer npm, dep, rpm, docker, Nexus OSS version does all that, so Nexus was our first choice. We were installing it and evaluating the OSS version, yet we had to figure out that some simple things just dont exist. E.g its impossible to upload any file manually, a feature so essential that I still dont know how they cannot offer this.
I was surprised when I found that Nexus was offering a free pro version for open source projects:
Are you developing an open source project? If so, most open source projects qualify for a free Nexus Professional license. Open source projects can qualify for a free Professional license, or they can take advantage of free Nexus Professional hosting on http://oss.sonatype.org. Sonatype is very committed to supporting the development of quality open source and this is our way of giving back to the community.
(Source: blog.sonatype.com/2010/01/nexus-open-source-or-professional-which-one-is-right-for-you/)
So I was contacting the Nexus Support to check if that’s possible for Psono. I got a call back a day later where a nice lady tried to sell me Nexus Pro. I still to the day don’t understand her argumentation, but according to her “Nexus Professional” license is no “Nexus Pro” license and according to her the “Nexus Professional” license is just the normal “Nexus OSS” Version.
I left this conversation a bit confused. 🙂
I then reached out to jfrog, where I was pointed to https://jfrog.com/community/open-source/
So JFrog and Google have partnered up to support open source project with a free Pro version.
Great! Exactly what I wanted. I registered (initially as 30 days demo, that once approved gets later converted in a permanent installation) and played a bit around with it.
Artifactory is feature rich, the “Set me up” button makes it so easy to get started with new repos. It just works like a charm!
Today I received the news from JFrog:
We just approved your application, and your server is now permanently operational. you for the submission, It’s our privilege to support the OSS.
Thank you for the submission, It’s our privilege to support the OSS.
Thank you JFrog for your support!
We are happy to anncounce, that Psono is now …
Update Feb 1st, 2018
We just received a comment from Brian Fox:
Hi there, I’m sorry about the confusion over the free licenses for open source projects. We have a long history of supporting open source and it is most definitely a full professional version that is granted to qualifying forges / projects.
—Brian Fox CTO, Sonatype
