docker-library / busybox

Docker Official Image packaging for Busybox
http://busybox.net

Append `rc` or `unstable` to version tags of unstable versions #127

Closed DerRockWolf closed 2 years ago

DerRockWolf commented 2 years ago

Unstable images are already tagged with additional tags identifying that they are unstable.

In addition it would be very useful, when using e.g. renovate bot for update automation, if the tags containing the version number would be suffixed with -rc or -unstable resulting in 1.35.0-rc instead of 1.35.0. This would keep Renovate from bumping to unstable versions and would remove the need to manually check if the image is stable or not.

tianon commented 2 years ago

See https://busybox.net/ -- we use BusyBox upstream's version numbers verbatim, and they unfortunately do not differentiate unstable in any way more than it's usually the .0 release of a new minor.

DerRockWolf commented 2 years ago

Ok then I have to live with that unfortunately. If release .0 is always unstable I at least can ignore the PRs. Thanks for your help :)

nickovs commented 1 year ago

Unfortunately the .0 tag is not always unstable. The current stable version is 1.35.0, as per the commit message on 1_35_stable branch.

It would be nice if busybox:latest was updated to be 1.35.0 when you have the time!

tianon commented 1 year ago

https://busybox.net/ still lists 1.35.0 as "unstable" and if you look historically on that page, the .0 is always unstable -- I think the 1_35_stable branch probably exists specifically so that a future 1.35.1 (stable) branch could be cut from it.

However, I do think that given the unique way that BusyBox uses the common "stable" and "unstable" terms, we probably should move latest to point to the latest version number (which as of #160 will be 1.36.0).

Full list of BusyBox website versions, for context:

```console
$ wget -qO- 'https://busybox.net' | grep -ioE '[0-9a-zA-Z ]+ -- BusyBox [0-9.]+ [(](un)?stable[)]' | sed -re 's/(.*) -- (.*)/\2\t\1/' | column -ts$'\t' -R2
BusyBox 1.36.0 (unstable)     3 January 2023
BusyBox 1.35.0 (unstable)   26 December 2021
BusyBox 1.33.2 (stable)     30 November 2021
BusyBox 1.34.1 (stable)    30 September 2021
BusyBox 1.34.0 (unstable)     19 August 2021
BusyBox 1.33.1 (stable)           3 May 2021
BusyBox 1.32.1 (stable)       1 January 2021
BusyBox 1.33.0 (unstable)   29 December 2020
BusyBox 1.32.0 (unstable)       26 June 2020
BusyBox 1.31.1 (stable)      25 October 2019
BusyBox 1.31.0 (unstable)       10 June 2019
BusyBox 1.30.1 (stable)     14 February 2019
BusyBox 1.30.0 (unstable)   31 December 2018
BusyBox 1.29.3 (stable)     9 September 2018
BusyBox 1.29.2 (stable)         31 July 2018
BusyBox 1.29.1 (stable)         15 July 2018
BusyBox 1.29.0 (unstable)        1 July 2018
BusyBox 1.28.4 (stable)          22 May 2018
BusyBox 1.28.3 (stable)         3 April 2018
BusyBox 1.28.2 (stable)        26 March 2018
BusyBox 1.28.1 (stable)     15 February 2018
BusyBox 1.28.0 (unstable)     2 January 2018
BusyBox 1.27.2 (stable)       17 August 2017
BusyBox 1.27.1 (stable)         18 July 2017
BusyBox 1.27.0 (unstable)        3 July 2017
BusyBox 1.26.2 (stable)      10 January 2017
BusyBox 1.26.1 (stable)       2 January 2017
BusyBox 1.26.0 (unstable)   20 December 2016
BusyBox 1.25.1 (stable)       7 October 2016
BusyBox 1.25.0 (unstable)       22 June 2016
BusyBox 1.24.2 (stable)        24 March 2016
BusyBox 1.24.1 (stable)      24 October 2015
BusyBox 1.24.0 (unstable)    12 October 2015
BusyBox 1.23.2 (stable)        23 March 2015
BusyBox 1.23.1 (stable)      27 January 2015
BusyBox 1.23.0 (unstable)   23 December 2014
BusyBox 1.22.1 (stable)      20 January 2014
BusyBox 1.22.0 (unstable)     1 January 2014
BusyBox 1.21.1 (stable)         29 June 2013
BusyBox 1.21.0 (unstable)    21 January 2013
BusyBox 1.20.2 (stable)          2 July 2012
```

tianon commented 1 year ago

Upon further consideration, I think we really ought to probably go even further here and no longer package "stable" and "unstable" but rather "latest major.minor" and "second-latest major.minor" (which today would give us 1.35.0 and 1.36.0 instead of 1.36.0 and 1.34.1, which is kind of a weird mix just because 1.34 happened to have a .1 release and 1.35 hasn't yet) but I'm not sure where that leaves us with the "stable" and "unstable" aliases. Perhaps they come and go based on whether our two releases are stable or unstable? (ie, we'd have busybox:unstable which would point to 1.36.0 but we would stop updating busybox:stable for now until there's a new .1 release)

nickovs commented 1 year ago

> https://busybox.net/ still lists 1.35.0 as "unstable" and if you look historically on that page, the .0 is always unstable -- I think the 1_35_stable branch probably exists specifically so that a future 1.35.1 (stable) branch could be cut from it.

I stand corrected!

> However, I do think that given the unique way that BusyBox uses the common "stable" and "unstable" terms, we probably should move latest to point to the latest version number (which as of https://github.com/docker-library/busybox/pull/160 will be 1.36.0).

As for where to point latest, there's plenty of precedent either way. For instance, ubuntu:latest currently points to ubuntu:22.04 because that's the latest LTS version.

tianon commented 1 year ago

Yeah, latest is a bit of a misnomer (that we as a container community can't really correct reasonably at this point) -- I interpret :latest not as "what's the latest release" but rather "what should I choose to use if I don't know what I need" which matches Ubuntu pointing to the latest LTS release instead of the latest rolling release.

nickovs commented 1 year ago

I believe that what happened with 1.35 is that it turned out that 1.35.0 was plenty stable enough, so it never got a point release, so it never got a new tag. So, ironically, by being too stable it never got marked as stable.

nickovs commented 1 year ago

> Yeah, latest is a bit of a misnomer (that we as a container community can't really correct reasonably at this point) -- I interpret :latest not as "what's the latest release" but rather "what should I choose to use if I don't know what I need" which matches Ubuntu pointing to the latest LTS release instead of the latest rolling release.

By that measure busybox:latest should probably point to the highest numbered version that is either marked as stable or is on a branch that is marked stable and is more than <threshold age> old. Version 1.35.0 is more than a year old and as such is de facto stable. Once a branch is stable the Busybox team don't add any new functions, they just seem to do bug fixes.

FWIW, the CVE mentioned in #133 may result in a 1.35.1 being released; if so they might even mark it as stable!
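
The selection rule proposed in the comment above, as an added example (not part of the thread and not the docker-library tooling): pick the highest version that upstream labels stable, or that is older than a cutoff date. The function name `pick_version`, its `YYYYMMDD` cutoff argument and the sample listing are assumptions; the listing is a constructed excerpt in the format of the output quoted earlier in the thread, and the "on a stable branch" condition is simplified to release age only.

```shell
#!/bin/sh
# Constructed sample: five entries in the "BusyBox X.Y.Z (label) D Month YYYY"
# format produced by the wget | grep | sed | column pipeline in the thread.
LISTING='BusyBox 1.36.0 (unstable)     3 January 2023
BusyBox 1.35.0 (unstable)   26 December 2021
BusyBox 1.33.2 (stable)     30 November 2021
BusyBox 1.34.1 (stable)    30 September 2021
BusyBox 1.34.0 (unstable)     19 August 2021'

# pick_version CUTOFF (hypothetical helper)
# Reads a listing on stdin and prints the highest version that is either
# labelled "(stable)" upstream or was released on or before CUTOFF (YYYYMMDD).
# CUTOFF=00000000 disables the age rule, leaving only the upstream label.
# Exits non-zero when no entry qualifies, so callers never pin an empty tag.
pick_version() {
    awk -v cutoff="$1" '
    BEGIN {
        best = 0
        n = split("January February March April May June July August September October November December", names, " ")
        for (i = 1; i <= n; i++) month[names[i]] = i
    }
    # Fields: BusyBox VERSION (LABEL) DAY MONTH YEAR
    $1 == "BusyBox" && NF == 6 {
        if (!($5 in month)) next                 # skip malformed dates
        released = $6 * 10000 + month[$5] * 100 + $4
        if ($3 != "(stable)" && released > cutoff + 0) next
        split($2, v, ".")
        # Compare numerically per component; string order would rank 1.9 above 1.10
        key = v[1] * 1000000 + v[2] * 1000 + v[3]
        if (key > best) { best = key; pick = $2 }
    }
    END { if (pick != "") print pick; else exit 1 }
    '
}

# Strict upstream label, then "unstable releases count once a year old"
# as evaluated on 3 January 2023.
printf '%s\n' "$LISTING" | pick_version 00000000
printf '%s\n' "$LISTING" | pick_version 20220103
```

With the label-only rule the pick lags behind 1.35.0 indefinitely, which is the situation the thread describes; the cutoff makes the age threshold an explicit, reviewable input to update automation.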

tianon commented 1 year ago

Refactored in https://github.com/docker-library/busybox/pull/161 :+1: