Git, the D package manager

Mike Parker via Digitalmars-d digitalmars-d at puremagic.com
Sat Feb 7 16:39:37 PST 2015


On 2/7/2015 11:43 PM, Jacob Carlborg wrote:
> On 2015-02-04 23:00, Mike Parker wrote:
>
>> Then you specify a specific version of the library as a dependency,
>> rather than a version range.
>
> No, this is not enough. The tool needs to automatically track and lock
> the whole dependency graph. Example:
>
> Project A:
>
> "dependencies": {
>    "b": "1.0.0"
> }
>
> Project B:
>
> "dependencies": {
>    "c": ">=1.0.0"
> }
>
> Even though you have locked your direct dependencies to a specific
> version doesn't mean that the dependencies have done so. Meaning, you
> can get arbitrary versions of indirect dependencies. You can start
> adding the indirect dependencies as direct dependencies but that defeats
> the point of a package manager.
>
> I have explained this so many times in the Dub forum, why not locking
> the whole graph is a really, really bad idea.
>
> I've experienced this myself many times with Ruby before it got Bundler
> which fixes this.
>

But apparently this can be done now with dub.selections.json.
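
Added example, not part of the original messages and not dub's own code: a simplified resolver run over the A/B/C manifests quoted above, showing the indirect dependency c drifting when a new version is published, and staying fixed when the full graph is recorded in a `versions` map laid out like dub.selections.json. The registry contents, the version numbers 1.0.2 and 2.0.0, and the "highest match wins" rule are assumptions made for illustration.

```python
import copy
import json

# Constructed registry: package -> version -> its own "dependencies" map.
REGISTRY = {
    "b": {"1.0.0": {"c": ">=1.0.0"}},
    "c": {"1.0.0": {}, "1.0.2": {}},
}
PROJECT_A = {"b": "1.0.0"}  # project A's manifest from the quoted message

def vkey(version):
    return tuple(int(part) for part in version.split("."))

def matches(spec, version):
    # Only the two spec forms used in the thread: exact "1.0.0" and ">=1.0.0".
    if spec.startswith(">="):
        return vkey(version) >= vkey(spec[2:])
    return version == spec

def resolve(deps, registry, selections=None):
    """Resolve the whole graph to {package: version}.
    Without selections the highest matching version wins (assumed rule); with
    selections (a lock file's "versions" map) only the recorded one is used."""
    chosen, todo = {}, list(deps.items())
    while todo:
        name, spec = todo.pop()
        if name not in chosen:
            if selections is None:
                pool = [v for v in registry[name] if matches(spec, v)]
                chosen[name] = max(pool, key=vkey)
            else:
                chosen[name] = selections[name]  # KeyError: package not locked
            todo.extend(registry[name][chosen[name]].items())
        if not matches(spec, chosen[name]):
            raise ValueError(f"{name} {chosen[name]} violates {spec}")
    return chosen

def drift(locked, fresh):
    """Packages whose freshly resolved version differs from the locked one."""
    return {n: (locked.get(n), v) for n, v in fresh.items() if locked.get(n) != v}

def demo():
    locked = resolve(PROJECT_A, REGISTRY)           # graph on the day of release
    lock_file = json.dumps({"fileVersion": 1, "versions": locked})
    later = copy.deepcopy(REGISTRY)
    later["c"]["2.0.0"] = {}                        # constructed later upload of c
    fresh = resolve(PROJECT_A, later)               # same manifests, no lock file
    pinned = resolve(PROJECT_A, later, json.loads(lock_file)["versions"])
    return locked, fresh, pinned, drift(locked, fresh)

if __name__ == "__main__":
    print(demo())
```

Reviewing the output of `drift` before accepting a regenerated lock file is the point at which an unexpected change in an indirect dependency becomes visible.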

