> As I experienced myself too, whenever you ask to install the package, it > downlods the files with the latest commit ...
nimble by default clones/checks out the current state of the default branch of a git repository. Which branch that is is configured by the repo maintainer. > ... , even if the version numbers declared in the nimble file are same. That's fine. nimble's job is keeping dependencies met, not keeping files identical. In the `requires` directive of a `.nimble` file, one can specify version ranges (like `>3.0`), which means that exact control of even what package version is installed is not required and not claimed, let alone control of the exact file revision within a package version. The latter is entirely up to the repo maintainer and in most package versioning schemes there is no rigid connection between the two anyway: introducing a new code convention could change every source file in the default branch without justifying a new package version. If a specific branch/tag/commit is needed, it can be specified in a `requires` [directive](https://github.com/nim-lang/nimble#dependencies) or even as a part of a `nimble install` [command](https://github.com/nim-lang/nimble#nimble-install) . > I have a few suggestions: The first two bullet points do not make a lot of sense to me, see above. > Another option is to create a package inventory where packages with assured > code freeze for given version number are stored. Nimble then fetches the > package from that inventory. That would make nimble a package manager with a repo, like npm. If we had the manpower to curate official package versions, that could be a plan, but Nim has more pressing problems to throw brains at IMHO. > One useful thing with that approach is that, you can also pack binaries ... Nim packages are a source-centered ecosystem, so building binaries/libs from source is kind of the point of the whole thing. Not having to wait until some curator has built a binary with the newest dependencies and the best optimization options for my exact platform but just building it from packaged source and dependency information is _very_ nice. If we just want to install binaries, most operating systems have their own/better facilities for that.
