Hacker News
by pit 4252 days ago
"Pin package versions" -- yes. One of the things that has been bugging me about Docker is that if you begin every Dockerfile with an `apt-get -y update`, you never know what you're going to end up with.

On the other hand, pinning every package that you install would end up being pretty verbose.


Yeah, if you use the Dockerfile, but pre-built images have tags and IDs that you can use to make sure you always get the same image.

I see a few reasons to build your own from the Dockerfile:

1) You don't trust the image and want to build your own.
2) You want to build something slightly different.
3) You want an up-to-date version.

2) is often solved by building your own image with the changes, and I think 1) is solved by the Automated Builds (?), but I haven't used them yet.
If you need to pin all your packages then it probably makes more sense to just have your own software package "layer" that imports your pinned base with the packages that are required.
Many organizations are actually doing this.
Depends on which Debian I believe, but Ubuntu doesn't update their package versions beyond security fixes within a single distro version.

So you'll generally want those fixes, unless they really broke something, which I'd guess would be somewhat rare.

Ubuntu also issues stable release updates (particularly to the latest LTS version) to fix regressions, major bugs, or occasionally update minor release versions. Some applications known to have good release procedures are also allowed updates (e.g. Firefox).
Why do an update if you prefer your packages to be pinned?
Depending on what your base image is, the pinned versions you want to install may not be available.
I hadn't even thought of pinning packages before I read the article; I'm kind of a sucker for apt-get update. I've been thinking a lot about Docker lately, and something in the back of my mind was like, "but what if you don't want the latest version of everything?"
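The pinning the top comment asks for, and the tag/digest point from the first reply, as an added example that is not part of the thread: a small shell script that keeps the package list in a lock file, refuses to build if any entry lacks an explicit version, and renders the Dockerfile lines (base image pinned by digest, packages pinned with apt-get's `name=version` syntax). The lock-file format, the function names, the sample package versions and the digest placeholder are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: a build-time check that every apt
# package a Dockerfile installs is pinned to an explicit version, plus a
# renderer for the matching Dockerfile lines. The lock-file format
# (name=version, one per line, '#' comments) is an assumption of this example.

# Constructed sample lock file (versions are made-up placeholders).
PINS_FILE="${TMPDIR:-/tmp}/packages.lock.$$"
cat > "$PINS_FILE" <<'EOF'
# name=version, as shown by `apt-cache policy <name>` on the base image
curl=1.2.3-1
ca-certificates=20200101-1
EOF

# pins_valid FILE: succeed only if every non-blank, non-comment line is
# name=version; report each offending line on stderr.
pins_valid() {
  awk 'BEGIN { bad = 0 }
       /^[ \t]*(#|$)/ { next }
       !/^[a-z0-9][a-z0-9.+-]*=[^ \t=]+$/ {
         bad = 1; print "unpinned or malformed entry: " $0 > "/dev/stderr"
       }
       END { exit bad }' "$1"
}

# render_install FILE: print the single apt-get line for the pinned set.
# apt-get accepts name=version to select an exact archive version.
render_install() {
  pins_valid "$1" || return 1
  pkgs=$(awk '!/^[ \t]*(#|$)/ { printf "%s%s", sep, $0; sep = " " }' "$1")
  printf 'apt-get install -y --no-install-recommends %s\n' "$pkgs"
}

# render_dockerfile FILE BASE_REF: print a Dockerfile that pins the base image
# by digest (BASE_REF, e.g. ubuntu@sha256:<digest>) and installs the pinned set.
# `apt-get update` is still needed to fetch the index; it is the package
# versions, not the index, that the lock file fixes.
render_dockerfile() {
  install=$(render_install "$1") || return 1
  printf 'FROM %s\n' "$2"
  printf 'RUN apt-get update \\\n && %s \\\n && rm -rf /var/lib/apt/lists/*\n' "$install"
}

# Demo: a good lock file renders; one with an unpinned entry is rejected.
render_dockerfile "$PINS_FILE" 'ubuntu@sha256:DIGEST_PLACEHOLDER'
BAD_FILE="${TMPDIR:-/tmp}/packages.bad.$$"
printf 'curl=1.2.3-1\nwget\n' > "$BAD_FILE"
if render_install "$BAD_FILE" 2>/dev/null; then
  echo "unexpected: unpinned lock file accepted"
else
  echo "rejected unpinned lock file as intended"
fi
```

Two caveats follow from the replies above: a pinned version must actually exist in the archive the base image points at (distributions drop superseded packages), so a build that fails on a missing version is the check working, not a bug; and the base image should be referenced by digest rather than a mutable tag, otherwise the package pins sit on top of a layer that can still change underneath them.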