[erlang-questions] rebar3 dependencies

Roberto Ostinelli <>
Fri May 27 12:50:48 CEST 2016


Dear list,
Following up on this discussion.

I've took on the task of maintaining the vendoring plugin started by
Tristan (thank you for doing so and for your availability). I've started
maintaining it now and have modified to meet my needs.

I don't know how many of you vendor their dependencies, but this will allow
you to do so.

rebar3_vendor  v0.3.0 has just been released and can be found here:
https://hex.pm/packages/rebar3_vendor
https://github.com/ostinelli/rebar3_vendor

Best,
r.


On Fri, Mar 25, 2016 at 1:16 PM, Eric Meadows-Jönsson <
> wrote:

> Hex.pm does not allow users to remove or overwrite published packages so
> the issue that happened with npm cannot happen. Packages will only be
> removed in very special circumstances, such as us being forced to do so for
> legal reasons and even then we will of course not allow a new package to be
> published with the removed's package name.
>
> Rebar and Mix will also add package checksums to the lock so if you don't
> trust the Hex repository you are using you can at least trust the checksum
> check. Additionally, over the next days I will work on improving and
> documenting hex.pm's policies so that it will hopefully be clear how we
> will act in circumstances such as these.
>
> On Wed, Mar 23, 2016 at 1:47 PM, Roberto Ostinelli <>
> wrote:
>
>> On the subject on additional reasons to vendor dependencies:
>> http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
>>
>> BTW, not saying this can happen with hex.pm.
>>
>> Best,
>> r.
>>
>>
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>>
>
>
> --
> Eric Meadows-Jönsson
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160527/d5a09092/attachment.html>


More information about the erlang-questions mailing list