Outdated base image in kernel-py Dockerfile #1276
-
|
Any reason why kernel-py Dockerfile is still referencing scipy-notebook:2022-01-24 base image (why the version is hard coded in the first place?) It has been more than a year since releasing the scipy-notebook:2022-01-24 image and the packages in it are outdated (to mention, the latest version of conda is 23.1.0 but scipy-notebook:2022-01-24 has conda 4.8.2) |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
Hello @Chiragasourabh,
We prefer pinned base images to ensure a certain degree of reproducibility (and stability). Since we install updated kernels, we really don't leverage much from the base image.
If you feel there are justified reasons to update the base images, please feel free to open a pull request. I only ask that all base images deriving from |
Beta Was this translation helpful? Give feedback.
-
|
Is there any specific reason why the version is hard-coded in the first place? It would be great to update the base image to ensure that the packages are up to date and to avoid any potential security vulnerabilities. |
Beta Was this translation helpful? Give feedback.
-
From above: We prefer pinned base images to ensure a certain degree of reproducibility (and stability). We should probably consider updating base images more frequently (perhaps on minor release boundaries?) but should not (IMO) use |
Beta Was this translation helpful? Give feedback.
Hello @Chiragasourabh,
We prefer pinned base images to ensure a certain degree of reproducibility (and stability). Since we install updated kernels, we really don't leverage much from the base image.
If you feel there are justified reasons to update the base images, please feel free to open a pull request. I only ask that all base…