[erlang-questions] Including other peoples code in my code in a future proof way

Juan Jose Comellas juanjo@REDACTED
Wed Mar 18 21:27:44 CET 2015

I've been using Seth Falcon's rebar_lock_deps_plugin
<https://github.com/seth/rebar_lock_deps_plugin.git> for a while now to
track all my commits by revision ID just for this purpose. It was the only
way to keep my sanity when building releases on different environments.
Otherwise I would have been forced to manually check each dependency before
building a release (I did this for a while and I don't recommend it).

rebar (< 3.x) will fail when updating transitive dependencies if there are
even trivial differences when specifying the repository's URL or version
(e.g. git:// and https:// as URL protocols used to reference the same
repository in two different packages).

On Wed, Mar 18, 2015 at 3:20 PM, Loïc Hoguin <essen@REDACTED> wrote:

> On 03/18/2015 06:51 PM, Joe Armstrong wrote:
>> I've run into another problem -
>> Right now I have a working program that I want to make sure works on
>> other peoples machines. So they need to get exactly the version I have
>> Right now I clone cowboy cowlib and ranch
>>     I then checkout   master from cowboy
>>                                 tag 1.2.0 from cowlib
>>                                 tag 1.0.0 from ranch
>> Everything works fine - great
>> If I publish this I assume the tagged versions 1.2.0 1.0.0 or cowlib and
>> ranch
>> will be the same - but in the future master won't be the same
>> I then did a (inside cowboy)
>>    > git checkout master
>> and then
>>  git describe
>> fatal: No annotated tags can describe
>> '90ae31998e8d0887b9efe4b441136ac047708bb9'.
>>  From which I assume that I can use 90ae... etc as an immutable reference
>> to
>> cowboy, and the 1.2.0 1.0.0 tags for cowlib and ranch
>> So now what I have to do is
>> clone cowboy and checkout 90ae31998e8d0887b9efe4b441136ac047708bb9'.
>> clone cowlib and checkout 1.2.0
>> clone ranch and checkout 1.0.0
>> Anybody who does this should get the same code as I have on my machine
>> is this correct?
> This is correct.
>  Can I trust the tags? - do I have to converts these to shas with git
>> describe
>> as well?
> You might want to use 'git show --shortstat' instead, describe gives you a
> different kind of information.
> Don't trust tags. Even mine. While I do not make a habit of changing
> history, there are some things that could make force me to, like legal
> requests. You know where you stand with a sha, it's either there with the
> source just like it's supposed to be, or it's not there at all.
> --
> Loïc Hoguin
> http://ninenines.eu
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150318/f8bd8734/attachment.htm>

More information about the erlang-questions mailing list