[erlang-questions] rebar3 dependencies

Fred Hebert mononcqc@REDACTED
Wed Mar 23 15:49:55 CET 2016


On 03/23, Roberto Ostinelli wrote:
>
>Yes, but in hex dependencies you can just add a dependency by name :)
>Fortunately enough AFAIK rebar.lock sets the sha, and rebar with hex only
>allows for exact versions specifiers (i.e. *no* expressions like '~>1.1').

rebar.lock currently only holds the package name. We check SHAs, but 
against the index only. The feature for better hash checking is 
discussed at https://github.com/erlang/rebar3/issues/1136 right now.



More information about the erlang-questions mailing list