Jiří Málek

It seems it cannot be fixed.

> If the idea is that the peru.yaml file isn't trusted, well, the untrusted author could just insert the auth flag too. From my point of view, it's not about...

> If the versions are available as git branches or tags, peru already supports fetching them. For example, this is valid: > > ``` > git module rack: > url:...

> I worry that git repo conventions aren't uniform enough for something like this to work consistently. The common convention is to name tags as `vX.Y.Z...`. Github itself recommends this...

Did you check [how composer implements this](https://getcomposer.org/doc/articles/versions.md)? It doesn't have solve any of the problems you describe, it's all up to the user to specify things.

@olson-sean-k > I don't think peru should ever attempt to understand SemVer and this should probably be supported within plugins if at all. I think complete opposite. I don't see...

> The first approach will be pretty consistent with what the peru best practices have been so far. But the second approach will be pretty different, and I expect various...

That would be great. I know you guys are busy but do you have any idea when this could be implemented? Not a specific date but an estimation such as...

I've spent several days looking for a language agnostic dependency manager but apart from peru I haven't found anything (maintained and feature rich as peru) so I'd like to try...

Related #22