Kevin,

On 3/25/21 7:40 PM, Fox, Kevin M wrote:
> That would be unfortunate. Some clusters won't be able to distinguish if
> there is an update or not.

If your toolchain is unable to correctly handle changing tags for Docker Images then it is completely broken. This is happening all the time with the 'latest' tag or the branch specific aliases (e.g. 'haproxy:2.2' tracking 2.2.x).

If you want to ensure that you receive a specific tested version then you could either mirror the tested image onto your infrastructure with a tag of your choice or reference them by digest.

Tianon from DOI Team (also put into Cc) directed me to this list of commits that tracks all changes to the 'haproxy' image:

https://github.com/docker-library/repo-info/commits/master/repos/haproxy/remote/latest.md

> That's one reason I typically follow the distro convention of packaging, of
> tacking onto the tag a -1, so if I need to bump them, it can be. -2 when a
> new release of the same version comes out. -3 next, etc. Could something like
> that be adopted?

Unless you are consuming the 'haproxytech/*' images your request is best directed here: https://github.com/docker-library/official-images/

However I don't expect this to be implemented. It seems to introduce much work for very little benefit and might prevent users that accidentally use these tags without understanding them from receiving security fixes. Tianon might or might not authoritatively comment on this :-)

Best regards
Tim Düsterhus

PS: For the folks interested in the rebuild. The update of the 'debian' base image is happening here: https://github.com/docker-library/official-images/pull/9862
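
An added example, not part of the original e-mail: a small Python check that tells image references following a mutable tag apart from references pinned by digest, the option the reply mentions. The registry host `registry.example:5000`, the function names and the all-zero digest are constructed placeholders.

```python
import re

# A sha256 digest is "sha256:" followed by exactly 64 lowercase hex characters.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Constructed placeholder digest; not the digest of any real image.
FAKE_DIGEST = "sha256:" + "0" * 64

def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    digest = digest or None
    tag = None
    # A colon marks a tag only when it appears after the last '/'.
    # Earlier colons are a registry port, e.g. registry.example:5000/haproxy.
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    return name, tag, digest

def classify(ref):
    """Return how strongly a reference is bound to one image build."""
    _, tag, digest = parse_image_ref(ref)
    if digest is not None:
        return "pinned" if DIGEST_RE.match(digest) else "invalid-digest"
    if tag is None:
        return "implicit-latest"   # no tag means 'latest', which moves
    return "mutable-tag"           # e.g. 'haproxy:2.2' tracking 2.2.x

def unpinned(refs):
    """List (ref, reason) for every reference that can change under you."""
    return [(r, classify(r)) for r in refs if classify(r) != "pinned"]

# Constructed sample input, as it might be collected from deployment manifests.
SAMPLE_REFS = [
    "haproxy",
    "haproxy:2.2",
    "registry.example:5000/haproxy",
    "registry.example:5000/haproxy:2.2",
    "haproxy:2.2@" + FAKE_DIGEST,
    "haproxy@sha256:abc",
]

if __name__ == "__main__":
    for ref, reason in unpinned(SAMPLE_REFS):
        print(f"{reason:16} {ref}")
```

A reference that carries both a tag and a digest counts as pinned because the digest is what selects the image; the tag is then only a label for the reader.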

