In a corporate environment, the use of open source dependencies is encouraged (to avoid recreating the wheel), but a dependency will still need to be approved. The approval process gives management an opportunity to validate that the license is compatible, to question its role, and to question whether it is the best solution to adopt compared to alternatives. Once approved, it is added to the corporate Maven repository and is then available to developers.
I am thinking that Artifactory may be useful in managing the corporate Maven repository. However, the proxy needs to be restricted such that certain projects (preferably by version number) are available, but not just anything from ibiblio, for example, is available. Can Artifactory do this? If not, do you think this is a reasonable feature to request?