Closed Elbandi closed 1 month ago
This "fixes" things that aren't broken.
I appreciate the effort, but I don't see any value in these changes.
Hugin was missing from Debian unstable for a brief period of time in early 2022 due to a dependency issue. It just happened to overlap with the time when Ubuntu 22.04 was branched off from it. The base image can be updated in a few months, once the bugs are worked out of 24.04 but still well before 20.04 goes out of support.
If you don't pin version numbers, the latest versions will be used. Pinning version numbers forces older packages to be used until the pinned version numbers are updated, which is the potential security issue, not the other way around.
The pined versions are upgraded by renovatebot. after versionupgrade PR is accepted (by hand or automatic), image build action is triggered. So you dont have to watch packages every day/weeks and start imagebuild yourself, workflow do it instead of you.
So you dont have to watch packages every day/weeks and start imagebuild yourself
Currently, I don't need to watch anything. With this change, I would need to deal with useless pull requests. Thus, it would make more work for me. Thus, it isn't happening.
This pr do lots of thins:
For renovatebot you need a PAT token (read only access).