It's interesting how clearly 80% of the developers in the community have no clue about modern PHP. People mention shared hosting, code in HTML files, CGI and bad security defaults. To be clear, these things have been dead in the PHP world for 10+ years, but most developers here have used it once in 2005 and haven't seen what it looks like in the modern ecosystem.
It's as if whenever the topic was Java, the discussion would center only around the devs working with Java 1.8.
Likely, the rest of the discussion on HN is of the same level, but I have a harder time spotting the errors.
Maven/Java does absolutely insane things: it will just compile and run programs with incompatible dependency versions, which then crash at some point, and it picks some arbitrary first version of a dependency it sees. Then you start shading JARs and writing regex rules to change import paths in dependencies, your program crashes with a mysterious error that has one Google result, and you spend 8 hours figuring out WTF happened, doing weird surgery on your dependencies' dependencies in an XML file with terrible plugins.
This proposed solution is "let's just never use version ranges and hard-code dependency versions". Now a package 5 layers deep is unmaintained and is on an ancient dependency version, while other stuff needs a newer version. Now what? Manually dig through dependencies and update versions?
It doesn't even understand lockfiles fully. They don't make your build non-reproducible; they give you both reproducible builds (by not updating the lockfile) and an easy way to update dependencies if and when you want to. They were made for the express purpose of making your build reproducible.
I wish there was a mega article explaining all the concerns, tradeoffs and approaches to dependency management - there are a lot of them.
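The Maven behaviour complained about above ("pick some arbitrary first version of a dependency it sees") is Maven's documented dependency mediation rule: the declaration nearest the root of the dependency tree wins, and among declarations at the same depth the first one listed wins. The following is an added example, not Maven's code and not from the thread: a small Python simulation of that rule over a constructed dependency graph (the artifact names, versions and API tables are made up), showing how a transitive dependency ends up linked against an older version than it was built for, and how pinning the version the way `<dependencyManagement>` does changes the outcome.

```python
"""Simulation of Maven-style dependency mediation: nearest declaration wins,
first declaration breaks ties. Added illustration, not Maven's own resolver.
All artifacts, versions and API symbols below are constructed."""
from collections import deque

# Constructed dependency graph: "artifact:version" -> declared deps in order.
GRAPH = {
    "app:1.0": [("web", "3.1"), ("report", "2.0")],
    "web:3.1": [("json", "1.0")],      # web was built against json 1.0
    "report:2.0": [("pdf", "5.2")],
    "pdf:5.2": [("json", "2.0")],      # pdf needs a json 2.0-only method
    "json:1.0": [],
    "json:2.0": [],
}

# Constructed: which methods each json version exposes, and who calls what.
API = {"json:1.0": {"parse"}, "json:2.0": {"parse", "parse_stream"}}
REQUIRES = {"pdf:5.2": ("json", "parse_stream")}


def mediate(root, graph, managed=None):
    """Return {artifact: version} chosen by nearest-wins mediation.

    A breadth-first walk visits shallower declarations before deeper ones,
    and siblings in declaration order, which is exactly the tie-break Maven
    applies. `managed` mimics a <dependencyManagement> pin: the pinned
    version replaces whatever a transitive POM declares.
    """
    managed = managed or {}
    chosen = {}
    queue = deque([root])
    seen = set()
    while queue:
        node = queue.popleft()
        if node in seen:
            continue
        seen.add(node)
        for dep, version in graph[node]:
            version = managed.get(dep, version)
            if dep not in chosen:          # first (nearest) declaration wins
                chosen[dep] = version
            # Only the chosen version's own dependencies are walked.
            queue.append(f"{dep}:{chosen[dep]}")
    return chosen


def broken_links(chosen, api, requires):
    """Artifacts whose call target is absent from the mediated version.

    This is the compile-fine, crash-later case: the build succeeds because
    every artifact compiled against the version it declared, but at runtime
    only one version of `json` is on the classpath.
    """
    broken = []
    for artifact, version in chosen.items():
        node = f"{artifact}:{version}"
        if node in requires:
            dep, symbol = requires[node]
            if symbol not in api[f"{dep}:{chosen[dep]}"]:
                broken.append(node)
    return broken


if __name__ == "__main__":
    plain = mediate("app:1.0", GRAPH)
    print("nearest wins:", plain, "broken:", broken_links(plain, API, REQUIRES))
    pinned = mediate("app:1.0", GRAPH, managed={"json": "2.0"})
    print("pinned json 2.0:", pinned, "broken:", broken_links(pinned, API, REQUIRES))
```

In the unpinned run `json` resolves to 1.0 because `web` declares it two levels from the root while `pdf` declares 2.0 three levels down, so `pdf` is reported as broken; pinning `json` to 2.0 fixes that link, which is the hard-coded-version approach the thread is arguing about, with the maintenance cost it describes.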