On 22-06-15 15:52, Yuriy Tymchuk wrote:
> What if I don’t want something to change without my knowledge?
That is something you cannot afford with current tooling.
You can create a snapshot of all package versions, and calculate an MD5 over all method versions. You cannot afford to do that for every change but you can do that for important situations.
Working software is more important than absolute reproducibility. If you use numbered versions in your dependencies, you break software. In practice. All the time. Because nobody can afford to change versions at the sum rate of all changes of its dependencies. So that doesn't happen.
Peter wrote:
> Wasn't there a discussion about versioning last week?
Yes there was.
> Dependency hell might make it harder to upgrade (especially if no meaningful system is employed), but depending on #stable is a great way to have your project broken at random. Only a dead project has a stable API.
That is a separate issue, take a look at the discussion. A dependency needs to be on a symbolic version, and if the API changes in a breaking way that should be reflected there.
Stephan
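
Added example, not part of the original message or of any tooling it refers to: a sketch of the snapshot-and-digest check described above, showing how a digest over all method sources exposes a change that a symbolic version such as "stable" hides. The snapshot layout, the package name and the method sources are constructed assumptions; MD5 is the default because the message names it, and any `hashlib` algorithm (for example `sha256`, when deliberate tampering is a concern) can be passed instead.

```python
import hashlib

def _feed(h, text):
    # Length-prefix every field so adjacent fields cannot run together
    # ("ab" + "c" must not hash the same as "a" + "bc").
    data = text.encode("utf-8")
    h.update(len(data).to_bytes(8, "big"))
    h.update(data)

def snapshot_digest(snapshot, algo="md5"):
    """Digest over {package: (version, {(class, selector): source})}.

    Packages and methods are visited in sorted order, so the result does
    not depend on the order in which they were loaded.
    """
    h = hashlib.new(algo)
    for package in sorted(snapshot):
        version, methods = snapshot[package]
        _feed(h, package)
        _feed(h, version)
        for cls, selector in sorted(methods):
            _feed(h, cls)
            _feed(h, selector)
            _feed(h, methods[(cls, selector)])
    return h.hexdigest()

def changed_methods(old, new):
    """Return (package, class, selector) for every added, removed or edited method."""
    def flat(snapshot):
        return {(p, c, s): src
                for p, (_, methods) in snapshot.items()
                for (c, s), src in methods.items()}
    a, b = flat(old), flat(new)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Constructed sample: same symbolic version, one method body differs.
PINNED = {"Example-Core": ("stable", {
    ("Parser", "parse:"): "parse: aString ^ self tokens: aString",
    ("Parser", "tokens:"): "tokens: aString ^ aString substrings",
})}
LOADED = {"Example-Core": ("stable", {
    ("Parser", "tokens:"): "tokens: aString ^ aString substrings",
    ("Parser", "parse:"): "parse: aString ^ self tokens: aString trimmed",
})}

if __name__ == "__main__":
    if snapshot_digest(PINNED) != snapshot_digest(LOADED):
        print("snapshot changed:", changed_methods(PINNED, LOADED))
```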