I need to ensure that I have always access to packages@version that are used in product releases. As far as I can see I have two options:
proxy the public repo
pros: simple to setup, updates automatically as soon as fetching some public package
cons: accumulation of packages that have not really been used, maybe only in test and studies, impossible to clean them up separately from the ones that I need to preserve (for eternity)
duplicate public packges in private repo
pros: be sure to only have the packges that are really used in production releases
cons: a tedious job to do keep up to date (at least manually), possible duplicate packages in private and proxy repo
How others are handling this? Are there some best practices?
Thanks for any advice.