[erlang-questions] Including other peoples code in my code in a future proof way

Kenneth Lakin <>
Wed Mar 18 05:36:45 CET 2015


On 03/17/2015 02:51 PM, Leandro Ostera wrote:
> Scenario:
> 
> I request extend/cowboy.git#0.9, the people at extend overwrite the 0.9 tag
> and then the next time
> I'm pulling that repo, I'll get a different version of the library. This of
> course does not aid in
> deterministic builds.

In every SCM I've used, tags can be renamed and moved at will.

IMHO, someone who's *actually* interested in deterministic builds should
use the immutable info provided by their SCM (revision # for SVN, commit
hash for git, etc.) rather than something that can be changed at any
time. I would be surprised if 'rebar3 lock' didn't convert references to
tags into references to commit hashes.

Also note that when someone rewrites git history, all of the affected
commit hashes are changed. This means that build systems that use commit
hashes, rather than named tags won't be affected by a history rewrite.
(Unless -of course- the referenced commit is removed.)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150317/300ba88f/attachment.bin>


More information about the erlang-questions mailing list