Nice to see them being open about this project. They have a lot of people involved, but I'm not sure they're solving real problems yet - surprised it's taking so long to converge on something actually usable, given all the prototypes in previous versions. Here's what I want from dependency management:
Freeze current deps to vendor
Save deps using semantic versioning
Let me edit versions to things like 1.x to allow all version 1 updates for deps I trust.
That's it. I don't really care about diamond dependencies yadayadayada because I can just solve them myself. Yes eventually tooling for that is nice, but it's not even a problem most people will hit initially.
It does all the things you're asking of it, and more.
Considering this is a fairly contentious topic, I'm glad they took a lot of time debating it. Overall I think it'll be for the better to have one tool that everyone can agree on than the split ecosystem we've had before and that some communities still battle with, with everyone tacking on their own things. The fact that just about every language and distribution ends up reinventing that wheel and all of them have their own set of drawbacks should give you an idea of how complicated this actually is.
Some things might seem silly to debate, but we actually have specs around how these things are supposed to work and interact. This is tremendously important as how package management works is now actually formalised instead of being an implementation detail of the tool. And as an added benefit, you can now implement that tool you want without needing to break anything in the ecosystem, which also lowers any bar of entry to your tool.