chriskuehl
commented
1 year ago Debian and to some extent Ubuntu mostly don't arbitrarily add new package versions to the repos for a released distribution. We would like to keep our system packages unpinned so that we receive any security updates (which they generally deploy by backporting to the released version to produce a minimal change).
Hi! The Dockerfile placed at "Dockerfile" contains the best practice violation DL3008 detected by the hadolint tool.
The smell DL3008 occurs when the version pinning for the installed packages with apt is not specified. This could lead to unexpected behavior when building the Dockerfile. In this pull request, we propose a fix for that smell generated by our fixing tool. We have verified that the patch is correct before opening the pull request. To fix this smell, specifically, we use a heuristic approach that selects the most probable version tag for a given apt package corresponding to the latest version at the current date. The package versions are retrieved using the Canonical Launchpad APIs.
This change is only aimed at fixing that specific smell. If the fix is not valid or useful, please briefly indicate the reason and suggestions for possible improvements.
Thanks in advance