There's a lot of comments on this, but nobody mentioned the similar job of maintaining and auditing an internal package mirror.