Hacker News
by code_biologist 1190 days ago
There are exceptions though. I'm the kind of person that would pin Jenkins to latest even if it is an antipattern. I'm way more concerned about security flaws than a temporary CI breakage. So for me: Everyone should be pinning Jenkins to latest to avoid accidentally staying on a release with security holes.
2 comments

You are not only auto pulling fixes but also auto pulling new security holes though.

My take on Jenkins with all its plugins is that it needs to be properly shielded from external access anyways.

You probably want to pin to at least a major tag to avoid auto-pulling breaking changes at any moment but still getting security updates.