No @dmvolod, the lock file establishes the exact version of the libraries that the project is using, while the toml file describes high level constraints on them that must be respected by the lock file. If we don't commit the lock file, each one of us will use his own set of dependencies.
We should use `dep ensure` to sync dependencies but also when we add a new dependency. We should use `dep ensure -update` only when we want to upgrade libraries to their latest versions (respecting constraints). The command `dep ensure` does not change versions in the lock file, only adds them if needed. This way the build should be reproducible across computers. At least, if we use the same version of dep.. [ Full content available at: https://github.com/apache/camel-k/pull/9 ] This message was relayed via gitbox.apache.org for [email protected]
