published packages with path dependencies should be auto-rejected

[MartinNowak]

eg, see these: https://github.com/etcimon/botan/issues/35 http://code.dlang.org/packages/botan.json it contains:

"dependencies":{"memutils":{"path":"../memutils","version":">=0.0.0"}},

=> Failed to load path based dependency memutils: No package file found in ../memutils/, expected one of dub.json/dub.sdl/package.json

and this: https://github.com/libmir/dcv/issues/106 http://code.dlang.org/packages/dcv.json which contains: "dependencies":{"dcv":{"path":"../../","version":">=0.0.0"}}}

@s-ludwig does this king of package make sense? Shouldn't that be rejected automatically (either at publish time or when dub compiles such a package)? it seems to create hard to find bugs and non-reproducible results.

EDIT: indeed, according to docs in https://code.dlang.org/getting_started:

Dependencies in the package description can use a path instead of a version. This can be used together with Git sub-modules or -trees, or with an otherwise known directory layout to use arbitrarily defined versions of a dependency. Note that this should only be used for non-public packages.

Moved from https://github.com/dlang/dub/issues/1147, submitted on behalf of @timotheecour.