remove composer.lock?

[steffkes]

As per https://getcomposer.org/doc/02-libraries.md#lock-file:

For your library you may commit the composer.lock file if you want to. This can help your team to always test against the same dependency versions. However, this lock file will not have any effect on other projects that depend on it. It only has an effect on the main project.

Saying we don't have to, but we can. What's your take on this @rdohms ?

[rdohms]

My take on this is we keep the lock file in the repository.

Removing the lock file so that Travis can "randomly" run releases we have not tested lead to random errors which are a nuisance to new contributors. I rather care for new contributors and enforce "random" testing manually with a setup like: http://blog.wyrihaximus.net/2015/06/test-lowest-current-and-highest-possible-on-travis/

So we let Travis deal with other versions, and contributors can safely know they are coding on the same dependencies as everyone else and if errors do popup in a PR, its their fault, not some random dependency break.

[steffkes]

ah, oh .. that's a nice one - didn't know about it! agreed, that's the way to go then