Maven dependency management vs subversion svn:external for enterprise application

I'm new to maven.

Given enterprise level Java application. Source code is managed by subversion.

As I understand once I friezed code, I should be able to compile it 5 years latter and receive the same result, but I'm bit concerned if maven can handle it with 100% accuracy:

1. Is it possible when maven goes to internet it will bring corrupted jar (e.g. network problem or mirror has incorrect ja开发者_JAVA技巧r)?
2. Let say I want to recompile my code 5 years latter. Is it possible required jar won't be there?
3. Isn't it risky for enterprise application to dependent on such "opaque" external sources (e.g. internet mirror).

From other side in my previous place we exploited for that svn:external - we has a special directory (vendor branch) in svn for all 3rd products (jars). For each product and its specific version there's a dedicated directory. Application code uses svn external to bring concrete jar from the vendor branch.

In this configuration I know all jars under source control and I'll be able to rebuild my application after 5 years and pack it with the same jars as 5 years before.

Do I miss something?

---

Yes, it is risky, but there are ways to tackle that problem.

1. This can happen, and it actually happens pretty often. However, to cure a corrupted download you can simply delete the package from your local filesystem and shoot Maven to re-download it. I wouldn't think packages in the mirrors get easily corrupted once they are there.
2. No idea what's the official word by maintainers, but even if somebody was to ensure that the libraries "will be always there", hardware failures might happen, companies get sold, processes change, etc. etc. As long as you are trusting on someone else than yourself, you cannot be sure.
3. Yes it is.

To really solve this issue, you can setup your own repository with Nexus or Archiva (see also SO: Best enterprise repository tool for Maven 2?). If you have your own index up and running, you have total control on securing the dependency library for years to come. Of course, it might still break :)

If you are running small business, I wouldn't think there's benefit in changing your processes and establishing your own mirror (what's the added value?). The svn:externals is maybe not as sophisticated approach but I personally wouldn't consider it bad either.

I might also add that Maven is much more than dependency management. There are increasing synergies when you give Maven more control over your projects so if you end up switching to Maven, it would make sense to also rely on it's other features (easier to update libraries, auto-download sources, structure conventions, plugin architecture, etc.).