On Jun 23, 2017, at 12:00 AM, Adi Roiban <adi@roiban.ro> wrote:

For production usage, I think that we should pin everything, so that
we don't end up with things which might break in the future.

Very much agreed. As per https://caremad.io/posts/2013/07/setup-vs-requirement/, any actual deployments need to have "exact version specifiers" (i.e.: pins) on everything.

-g