Two additional concerns that impact this space are:
- whether a language has support for loading multiple versions of a dependency at runtime (Erlang, .NET) which affects whether you are forced into some sort of method of walking the dependency graph to identify conflicts or compatibilities
- whether the dependencies in the language include native dependencies, and whether the PDM will resolve native dependencies or defer to that languages toolset or simply expect them to be handled a priori.
Thanks for the thorough writeup! I think it’s also interesting to consider whether a decentralized approach to package indices makes sense, how to establish provenance of packaging bits, and whether in 2016 you should build any sort of tooling without a remote API or some other machine-readable interface for composition…