(there is a lot of explanation there, but for the record: twitter takes the approach of continually tightening-up/deduping 3rdparty rather than using managed_dependencies)

isn't a 3rdparty freeze just managing every dependency at once

somewhat... you'd need to choose appropriate scopes for each of the "freezes"

ah

ie, one freeze per binary? etc

this reminds me of that issue where john described a potential

constraints.txt

file which could apply to adjacent `python_binary`/`python_tests` targets

the closest analogy is probably

yarn.lock

,

pip freeze

,

Cargo.lock

, etc

i'm mildly interested in supporting lockfiles like that especially since there are so many analogies across languages, it seemed like something we could support without too much effort

yea. doing it generally would be an interesting project. it's either two or three projects away on the remoting roadmap.