search

ddev / ddev-gitpod-launcher

Launch any DDEV project with Gitpod
https://ddev.github.io/ddev-gitpod-launcher/
Apache License 2.0
12 stars 8 forks source link

[tag] :latest outdated #25

Closed ibrah3m closed 1 year ago

ibrah3m commented 1 year ago

Trying to get last updates each time through latest tag

example: drud/ddev-gitpod-base:latest

Problem: latest tag not updated since 4 months and has ddev V1.19.0

ibrah3m commented 1 year ago

drud/ddev-gitpod-base:latest this tag doesn't have the last updates its still in ddev v1.19.3

tyler36 commented 1 year ago

Oh, this again?

See #22

Also https://github.com/drud/ddev/issues/4017

ibrah3m commented 1 year ago

Oh, this again?

See #22

Also https://github.com/drud/ddev/issues/4017

Cool , I'll close it then . Also I'll make PR to mention this in the Docs so people don't lost.. from tech Side isn't latest must be the last version?

tyler36 commented 1 year ago

Keep it open. The process needs a rethink since it still on the old version and hasn't been "fixed".

rfay commented 1 year ago

I haven't been pushing "latest", the instructions in https://github.com/drud/ddev/blob/master/.gitpod/images/push.sh don't suggest latest. And the .gitpod.yml here doesn't use latest.

Why are you expecting the :latest tag?

Movable tags are usually evil.

And please use a title that is meaningful, and start any issue with a description of what you are concerned about.

It's not a given that every docker image with have a :latest tag or that it will be maintained.

ibrah3m commented 1 year ago

I haven't been pushing "latest", the instructions in https://github.com/drud/ddev/blob/master/.gitpod/images/push.sh don't suggest latest. And the .gitpod.yml here doesn't use latest.

Why are you expecting the :latest tag?

Movable tags are usually evil.

And please use a title that is meaningful, and start any issue with a description of what you are concerned about.

It's not a given that every docker image with have a :latest tag or that it will be maintained.

I expecting that latest tags is updated because usually when I use NPM for example we do npm i -g npm@latest to make sure that I have last version of these packages.

I didn't know this information before

It's not a given that every docker image with have a :latest tag or that it will be maintained.

I were thinking it's always updated.

rfay commented 1 year ago

The common @latest usage in npm is considered a massive security problem, because people pick up "latest", even when it's not vetted, etc, and that usage has contributed to some of the big npm problems in the last couple of years. People use @latest, and then automatically pick up a new exploit in a rebuild, instead of sticking with what they have. And of course, they have no idea what's changed in their codebase.

As #22 explained, we stopped using "latest" because of a variety of problems with how gitpod picked it up.

Where are you using the "drud/ddev-gitpod-base:latest" tag? Neither this repo nor the ddev repo use it...

ibrah3m commented 1 year ago

The common @latest usage in npm is considered a massive security problem, because people pick up "latest", even when it's not vetted, etc, and that usage has contributed to some of the big npm problems in the last couple of years. People use @latest, and then automatically pick up a new exploit in a rebuild, instead of sticking with what they have. And of course, they have no idea what's changed in their codebase.

As #22 explained, we stopped using "latest" because of a variety of problems with how gitpod picked it up.

Where are you using the "drud/ddev-gitpod-base:latest" tag? Neither this repo nor the ddev repo use it...

Gotcha, thanks!