Indeed, a release repository should strictly forbid content modification after a release, which is what Maven Central is doing:
(...) Here are some
of the properties of release
repositories such as the Central Maven
repository:
...
Release Stability
Once published to the Central Maven
repository, an artifact and the
metadata describing that artifact
never change. This property of release
repositories guarantees that projects
which depend on releases will be
repeatable and stable over time. While
new software artifacts are being
published to central every day, once
an artifact is assigned a release
number on Central, there is a strict
policy against modifying the contents
of a software artifact after a
release.
That being said, whether a Maven client will (re)download an artifact or not does not really depend on the repository and its policy, this is part of Maven DNA and it just won't happen (unless you delete the given artifact from your local repository of course). Quoting Brett Porter in [MNG-2528] - updatePolicy "always" does not work for repositories with "releases", at least not for transitive dependencies:
Releases in Maven are, by definition, unchanging. The always flag is to check for new releases (like it looks for new snapshots), not modifications to the existing one.
In other words, if you don't delete the content of your Nexus repository, Nexus will never re-download a released artifact again and you will thus be able to rebuild the version of your product created two years ago, using the exact same libraries.