Package server that can serve artifacts as Maven and Debian packages

Description

Binary Repository Managers (https://en.wikipedia.org/wiki/Binary_repository_manager) allow easy access and management of artifacts created and consumed by projects. Software like JFrog Artifactory (https://www.jfrog.com/artifactory/) or Sonatype Nexus (https://www.sonatype.com/nexus-repository-oss) are examples of multi-protocol repositories.

We want to enhance our existing artifacts system, allowing access using the most common package managers.

Proposal

The MVP will focus on:

• Maven: https://maven.apache.org/guides/introduction/introduction-to-repositories.html
• Debian: https://wiki.debian.org/DebianRepository

Artifacts will be in a single storage (local or on Object Storage).

1. Define the architecture:
2. standalone daemon vs. managed by main application
3. authentication and authorization (similar to what we have now with GitLab Container Registry)
4. single-way (download only) vs. bidirectional (upload via package managers)
5. storage type (artifacts can actually be local or Object Storage, transparent to application
6. cloud native approach
7. Define the protocol
8. http vs. https only
9. dealing with certificates, self signing, letsencrypt
10. automatic creation of metadata vs. manual publishing