Add note to docs that replacing third party packages is bad practice

[igorw]

No description provided.

[max-voloshin]

@igorw , really? /cc: @naderman

[stof]

@max-voloshin If you replace a package you don't not own and you publish your replacing package, users asking for the original package may receive your replacement (and fail to understand why)

[max-voloshin]

@stof, good notice, thank you!

But I think that

1. Documentation should explain where is problem. Assertion "replacing third party packages is bad practice" is not completed IMO, because publishing these packages is problem, not replacing.
   I can replace third party packages in my private environment without any problems for anyone.
2. Looks like this is Packagist issue to deny publishing packages, which replace packages of other vendors.

[naderman]

Sorry but this is incorrect. Replace does have a purpose, and that does include replacing packages you do not own. And it does include publishing them. Yes this may not be what users expect in some situations but that doesn't mean it isn't exactly what one wants to do in other situations, so I disagree with adding this note.

[stof]

@naderman We should still warn people that they should be careful when using replace. It has been misused several times leading to WTF for users thinking that composer was doing crap. It is even worse when a packages is published with a replacement for * versions

[naderman]

@stof Sure I'm fine with that, but then it should be phrased differently. @igorw