Closed quovide closed 3 years ago
cverna
commented
3 years ago I believe is that it was just never something asked for. We try to update the images fairly often so to keep up with security updates and also have a base image that includes the latest updates from Fedora Linux.
How do you deal with security updates on a idempotent tag ?
quovide
commented
3 years ago @cverna True, but I think that discussion goes beyond the use of idempotent tags. I guess the easiest way is to refer to the sha256 hash at this point. Not all registries report the hash (e.g. https://registry.fedoraproject.org/) but Docker hub and Quay do, that's sufficient for us now.
I have a question/issue about the images built for https://hub.docker.com/_/fedora
Why are the images only tagged with the Fedora major version and not also with the release date? This interferes with the concept of stable builds which are commonly acknowledged to be a good practice. We really want to target a specific release at a specific moment, not just the latest.
Ubuntu for example, does include the timestamp in the Docker image tag: https://hub.docker.com/_/ubuntu
Am I seriously missing something?? Thank you for your time.