Use version requirements in non-remotes section to specify remote

[davidboren]

This forces version requirements specified outside of the Remotes section to be applied to the remotes. We can maybe discuss an overall plan for Remotes usage here.

[kirillseva]

Confused about the intention of this PR. Do we still want this? @davidboren @robertzk @peterhurford

[peterhurford]

@kirillseva I think we need it to help manage packages that specify GitHub dependencies through Remotes in the DESCRIPTION while also specifying version numbers in the Imports or Suggests. We could test that use case more specifically.

This PR needs versioning.

[kirillseva]

oh, this is for downloading dependencies not only from cran, but also from remotes when lockbox does the dependency caching 👍

[peterhurford]

@kirillseva Here's one example use case https://github.com/hadley/devtools/blob/master/DESCRIPTION#L27

[robertzk]

@peterhurford Versions specified in imports and suggests seem to typically consist of lower bounds rather than explicit versions so I think this may require a bit more work in case multiple packages specify competing bounds.

[abelcastilloavant]

Guessing this discussion is still unresolved? (To be fair it's not an easy problem)

[robertzk]

Yeah, leaving it open as a reminder.

[robertzk]

This kind of version resolution is what tends to make package managers Turing-complete. :)