It's all about balancing security and convenience. JFrog’s Artifactory understands that customers are cautious about granting Delete/Overwrite permissions to developers for NuGet repositories, especially when handling release artifacts. Nobody wants to accidentally delete or mess up vital packages.
To address this concern, a cleaver solution was implemented back in 2015 (RTFACT-7636) to handle scenarios when a Nuget package in a pre-release version used a dash in versioning.
As NuGet repositories don’t have a clean-up policy for pre-release artifacts, allowing dashes in pre-release versions helps Artifactory distinguish them from standard releases and enables better management of pre-release artifacts without the need for explicit cleanup policies.
In summary, the behavior during the deployment of NuGet pre-release versions in Artifactory, where overwriting is permitted without requiring Delete/Overwrite permissions, is a deliberate design choice aimed at facilitating smoother repository management while addressing user concerns about accidental package deletion or overwriting.
To address this concern, a cleaver solution was implemented back in 2015 (RTFACT-7636) to handle scenarios when a Nuget package in a pre-release version used a dash in versioning.
As NuGet repositories don’t have a clean-up policy for pre-release artifacts, allowing dashes in pre-release versions helps Artifactory distinguish them from standard releases and enables better management of pre-release artifacts without the need for explicit cleanup policies.
In summary, the behavior during the deployment of NuGet pre-release versions in Artifactory, where overwriting is permitted without requiring Delete/Overwrite permissions, is a deliberate design choice aimed at facilitating smoother repository management while addressing user concerns about accidental package deletion or overwriting.