On Aug 29, 2016 8:30 AM, "Roman Shaposhnik" <ro...@shaposhnik.org> wrote: > > ... > >> Note that there was a separate discussion focused on where is the right > >> place for nightly/snapshot Docker builds to be deposited to. > >> > >> Sadly, that discussion bore no fruit :-( > >> > > > > Was there? I would love to get discussing about that. Not for an > > incubating project but for a TLP. I share concerns about "latest" but > > also see benefit to developers being able to use a "LATEST" tagged > > pre-release. > > There was: https://mail-search.apache.org/members/private-arch/infrastructure/201608.mbox/%3CCA+DCeTG4=yrG8aoj=rvu8o71vjmeutndd5cyjkxialktxwt...@mail.gmail.com%3E > > FWIW, I say that we should just adopt a repository.apache.org approach > and declare that nightly/snapshot Docker images can only be distributed > from our own Docker repo. That way there's absolutely 0 chance anybody > can get them by accident. >
If the "latest" tag points only to releases, then that would take care of this as well. If only a specific "snapshot" tag ever points to snapshot images, then getting them would require: $ sudo docker pull foo:snapshot Zero chance of a user typing that by accident as well. - Mike
