Admittedly, I'm trying to learn the best practices of using Composer. But, I think the concept of a distribution challenges a composer-based workflow and I wanted to discuss this.
I recently tried to override a dependency which was defined in the profile (Panels, to be specific). There is no new release of Panels yet for Lightning to adopt, but there is really critical functionality (the pencil icon for Panels IPE) I think is direly needed for usability.
As such, I attempted to update my composer.json file by specifying the dev release of Panels. This clearly conflicted with the version of Panels defined by Lightning (which I knew and understood). Except, I don't have a clear solution for diverging from the provided profile.
Is the use of a profile within composer.json intended to be an all or nothing sort of thing? Are there other solutions out there (besides explicit patches) for overriding the version of a module?