This guide clarifies the concept of "exclusive" in the context of Conan repositories (remotes). Since Conan does not have a simple boolean flag called exclusive , this guide interprets the request as (ignoring others) or how to manage priority so one repository acts as the single source of truth.
Without exclusivity, your builds are vulnerable to "dependency drift." Imagine a scenario: your team maintains a private fork of libcurl with security patches. Your conan remotes list includes both your private server and Conan Center. One day, Conan Center publishes a newer version of libcurl . When your CI pipeline runs, Conan might pull the newer, incompatible version from Center because it appears first in the search order. conan repository exclusive
: It avoids "dependency confusion" attacks where a package with the same name on a public repository might be prioritized over your internal one. How to Configure Exclusivity how to force Conan to use a specific
The Conan 2.0 era emphasizes "package revisions" and "recipe revisions." Your exclusive repository is no longer just a file server—it is a Git-like version control system for binaries. You can roll back to any build from six months ago. Your conan remotes list includes both your private
This guide clarifies the concept of "exclusive" in the context of Conan repositories (remotes). Since Conan does not have a simple boolean flag called exclusive , this guide interprets the request as (ignoring others) or how to manage priority so one repository acts as the single source of truth.
Without exclusivity, your builds are vulnerable to "dependency drift." Imagine a scenario: your team maintains a private fork of libcurl with security patches. Your conan remotes list includes both your private server and Conan Center. One day, Conan Center publishes a newer version of libcurl . When your CI pipeline runs, Conan might pull the newer, incompatible version from Center because it appears first in the search order.
: It avoids "dependency confusion" attacks where a package with the same name on a public repository might be prioritized over your internal one. How to Configure Exclusivity
The Conan 2.0 era emphasizes "package revisions" and "recipe revisions." Your exclusive repository is no longer just a file server—it is a Git-like version control system for binaries. You can roll back to any build from six months ago.