
Consider using a composer.lock file

Open Pazns opened this issue 2 years ago • 1 comments

Baikal version: 0.9.1+

Problem you are having: The project is not using the Composer lockfile feature. A composer.lock file:

  • locks the dependencies to confirmed working versions, for everyone;
  • allows users to not have to trust blindly a tarball to get the "approved" dependencies;
  • allows users to install the project by just git-pulling the project directly from GitHub;
  • makes sure all users having trouble have the same dependencies and, therefore, that all issues are more easily reproduced.

Also, not using a composer.lock file is severely old sub-standard practice for a PHP Composer project.

Suggested solution: Use a composer.lock file from now on, starting with current or next version.

The person currently uploading the installation tarball should push its composer.lock file as it can be considered the current truth. It must be removed from .gitignore.

Using a composer.lock file doesn't prevent the current practice of making a tarball from continuing.

Additional resources on this topic, as indicated by others in this thread: https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control

Pazns avatar Feb 19 '22 14:02 Pazns

https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control

Additionally to committing the lock file in the repository, the composer lock should be present in the tarball, to allow developers installing their own packages without hassle.

element-code avatar Feb 21 '22 15:02 element-code
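
An added example, not part of the thread and not Baikal project code: once a composer.lock ships alongside the tarball, the vendored packages can be checked against it by comparing `vendor/composer/installed.json` with the lock's pinned versions and source/dist references. The package names and references below are constructed sample data, and the function names are this example's own.

```python
import json
import sys

def pins(doc, include_dev=False):
    """Map package name -> (version, source reference, dist reference)."""
    if isinstance(doc, list):            # Composer 1 installed.json: bare list
        pkgs = doc
    else:                                # composer.lock / Composer 2 installed.json
        pkgs = list(doc.get("packages", []))
        if include_dev:
            pkgs += doc.get("packages-dev", [])
    return {
        p["name"].lower(): (
            p.get("version"),
            (p.get("source") or {}).get("reference"),
            (p.get("dist") or {}).get("reference"),
        )
        for p in pkgs
    }

def compare(lock_doc, installed_doc, include_dev=False):
    """Return sorted (package, problem) pairs; an empty list means vendor/ matches the lock."""
    locked = pins(lock_doc, include_dev)
    installed = pins(installed_doc)
    findings = []
    for name in sorted(locked.keys() | installed.keys()):
        if name not in installed:
            findings.append((name, "locked-but-not-installed"))
        elif name not in locked:
            findings.append((name, "installed-but-not-locked"))
        elif locked[name] != installed[name]:
            findings.append((name, "version-or-reference-mismatch"))
    return findings

def pkg(name, version, ref):  # builds one entry of the constructed sample below
    return {"name": name, "version": version,
            "source": {"reference": ref}, "dist": {"reference": ref}}

# Constructed sample data, not Baikal's real dependency set.
SAMPLE_LOCK = {"packages": [pkg("example/dav", "1.2.0", "aaa111"),
                            pkg("example/http", "2.0.1", "bbb222")],
               "packages-dev": [pkg("example/test-tool", "9.0.0", "ddd444")]}
SAMPLE_INSTALLED = {"packages": [pkg("example/dav", "1.2.0", "aaa111"),
                                 pkg("example/http", "2.0.1", "ccc333"),
                                 pkg("example/extra", "0.1.0", "eee555")]}

if __name__ == "__main__":
    if len(sys.argv) == 3:   # args: composer.lock vendor/composer/installed.json
        docs = [json.load(open(p, encoding="utf-8")) for p in sys.argv[1:]]
    else:
        docs = [SAMPLE_LOCK, SAMPLE_INSTALLED]
    for name, problem in compare(*docs):
        print(f"{name}: {problem}")
```

This catches drift between what a tarball vendors and what the lock pins; it compares metadata only and does not prove the vendored files themselves are unmodified.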