use versioned docker images

[philipp-baumann]

Hey Bruno, I love the Docker vignette you wrote! For the sake of reproducibility, we should use version-tagged docker images instead of "latest".

[b-rodrigues]

I actually used latest on purpose, since Nix is taking care of the reproducibility aspects

[philipp-baumann]

I actually used latest on purpose, since Nix is taking care of the reproducibility aspects

latest can mean anything and in good docker practice it is recommended to not use latest. If one wants to reproduce stuff in the docker container in reproducible manner lets say in 10 years (if docker still exists then; and if no image is available from at given build time anymore), Nix is not doing anything in there (really worst case).

[b-rodrigues]

I actually used latest on purpose, since Nix is taking care of the reproducibility aspects

latest can mean anything and in good docker practice it is recommended to not use latest.

True, if you don’t use Nix: you’ll have to make sure that the base system is somehow stable, and then use something like renv or a fixed snapshot of the posit public package registry to get the right packages.

If one wants to reproduce stuff in the docker container in reproducible manner lets say in 10 years (if docker still exists then; and if no image is available from at given build time anymore), Nix is not doing anything in there (really worst case).

In this hypothetical scenario, if we use ubuntu:24.04 in the image definition, in 10 years it will likely not work because by that time 24.04 LTS will have reached EOL. If we use latest however, it will keep working, because it’ll simply use whatever is the latest version of Ubuntu. Unless of course, Nix cannot be installed on that "latest" version of Ubuntu, for some reason. But that would be quite surprising.

Also, I think it has great pedagogical value to use latest, because it truly shows that it doesn’t matter if you use Nix, which is the whole point.