[ https://issues.apache.org/jira/browse/THRIFT-4758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16754105#comment-16754105 ]
Mark Erickson commented on THRIFT-4758: --------------------------------------- Also, in Dart, the guidance is to NOT check in pubspec.lock files for libraries (like thrift), only check it in for applications. See [https://www.dartlang.org/guides/libraries/private-files#the-rules] > We gitignore and do not check in config lock files in many languages - isn't > that bad? > -------------------------------------------------------------------------------------- > > Key: THRIFT-4758 > URL: https://issues.apache.org/jira/browse/THRIFT-4758 > Project: Thrift > Issue Type: Bug > Components: Build Process, D - Library, Dart - Library, PHP - > Library, Ruby - Library, Rust - Compiler > Affects Versions: 0.12.0 > Reporter: James E. King III > Priority: Major > > In npm we check in the package-lock.json file because that ensures your > builds are stable over time. The cost you pay is that occasionally you need > to rev the file manually. The benefit is a changed package won't bork your > build. > I have identified in the following languages we are ignoring and not checking > in the package lock files: > d (dub) > dart > php (top level composer.jock) > ruby > rust -- This message was sent by Atlassian JIRA (v7.6.3#76005)