2020-10-29 17:47:24
What is the current thinking about trying to get deterministic docker builds?

Fireduck
2020-10-29 17:47:56
It seems all well and good until you need to do an apt-get update && apt-get install X, then what you get depends on when you run it

Fireduck
2020-10-29 17:48:28
and if you don't do the apt-get update, you'll get 404s since the Debian repos do not seem to keep old binaries that aren't referenced by any of the active streams/channels/whatever they call those

Fireduck
2020-10-29 19:05:43
those are not a thing, Docker does not solve for that

Rotonen
2020-10-29 19:06:04
this is why you rebuild the image periodically

Rotonen
2020-10-29 19:06:44
and promote that to release and promote that to latest tag (or whichever tag you replace), if it passes automated quality gates

Rotonen
2020-10-29 19:07:36
so you have a canary in the coalmine in regards to something breaking bug-for-bug compatibility
and you stay up to date on security updates

Rotonen