Should stack.yaml.lock be under version control?

[Han Joosten]

Recently, a team member of my team attempted to removed stack.yaml.lock from the .gitignore file. He is not very familiair with Haskell, and hardly at all with stack. However, he is a fine software engineer, with a lot of knowledge of other languages and build systems. With npm, the .lock file should be under version control, to guarantee that the build is the same everywhere. 

I know that one of the design principles of stack is do do just that: Ensure that a build is repeatably the same. That caused me to put stack.yaml.lock into .gitignore years ago. 

This removal attempt made me wonder:

1) Should stack.yaml.lock be in .gitignore?

2) What good is stack.yaml.lock, if it doesn't ensure the same build each time?

NB: I noted that the .gitignore file in the stack repository itself contains stack.yaml.lock

Thanks for reading!

[Chris Allen]

Libraries and public utilities may not have the lock file checked in. Private apps should always have the lock file in version control or you are not guaranteed the level of reproducibility Stack strives for.

Hope this helps,
Chris Allen

--
You received this message because you are subscribed to the Google Groups "haskell-stack" group.
To unsubscribe from this group and stop receiving emails from it, send an email to haskell-stac...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/haskell-stack/3e45ccc6-7e1f-4fd0-b35c-6acb226b1608%40googlegroups.com.