You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 16, 2018. It is now read-only.
Composer is generally built on the philosophy that you shouldn't "pin" package versions unless absolutely necessary (such as when patching a package, deploying a build artifact, or working with a "root level" project where you obviously want to use composer.lock).
With that in mind, I'm not sure why Reservoir relies on webflo/drupal-core-strict, which pins all Drupal core dependencies to the exact versions used by core. The problem is that this can easily create dependency conflicts with all sorts of other packages, such as BLT: acquia/blt#1792
I could see how this would theoretically improve stability somewhat by ensuring that no package version is ever used that hasn't specifically been tested with core. But as a practical matter, I've never actually seen problems arise from using floating package versions, and other distributions such as Lightning don't use webflo/drupal-core-strict.
Also, extending this pattern to other packages besides Drupal core would create a completely unusable ecosystem--you'd hardly be able to install any packages at all due to dependency conflicts. So I'm not sure why we should treat Drupal core as a special snowflake.
The text was updated successfully, but these errors were encountered:
Composer is generally built on the philosophy that you shouldn't "pin" package versions unless absolutely necessary (such as when patching a package, deploying a build artifact, or working with a "root level" project where you obviously want to use composer.lock).
With that in mind, I'm not sure why Reservoir relies on
webflo/drupal-core-strict
, which pins all Drupal core dependencies to the exact versions used by core. The problem is that this can easily create dependency conflicts with all sorts of other packages, such as BLT: acquia/blt#1792I could see how this would theoretically improve stability somewhat by ensuring that no package version is ever used that hasn't specifically been tested with core. But as a practical matter, I've never actually seen problems arise from using floating package versions, and other distributions such as Lightning don't use
webflo/drupal-core-strict
.Also, extending this pattern to other packages besides Drupal core would create a completely unusable ecosystem--you'd hardly be able to install any packages at all due to dependency conflicts. So I'm not sure why we should treat Drupal core as a special snowflake.
The text was updated successfully, but these errors were encountered: