The Composing Continuously panel presentation was a change to the innovation track. The speakers included Charles Fulton, Paul Gilzow, and Royall Spence and the discussion was moderated by Robin Smail.
They focused on an overview about Composer, a dependency manager for PHP, with a particular emphasis on using it with WordPress and Drupal (although it can be used for any CMS). Gilzow described Composer as being like the instruction booklet that comes with a complex Lego kit. It takes all of the pieces the site needs to operate, as defined by the developer, and puts the site together with the preferred pieces in the order required to make the finished product.
Using a tool like Composer helps with managing legacy applications, avoiding customization errors when updating key components and automatically updates all libraries when other elements are upgraded. It can also downgrade elements, like a plug-in, if something does not work. While it is necessary to define in code all of the elements, the final output file is locked when it is pushed live.
When pressed, the panel admitted that trust is an integral part of using this tool. Developers using Composer have to give up some freedom and need to have time to understand the cascading dependencies in the versioning controls, but freedom can come from having complete backups and a set process for managing updates.
The issue of security is also a legitimate concern, but in the world of WordPress, this is common with the use of third-party plugins. As with all open-source options, including Github, the security of your site is only as good as the repositories you share, but using Composer means that the final output is read-only which limits potential hacking of your site.