Yeah, not pinning versions in a container build is bad practice imo.
Though, I haven't used Debian-based distros in a while, but does apt actually serve really old versions of its packages? I vaguely seem to remember that you could realistically only `apt install` the last few versions of a package.
You can install specific versions of libs with apt[1] but only if that happens to be compatible with your system deps... it's possible to run into trouble where one utility you install requires openssl 3 and another requires the latest version, and then you can't have both libs together easily. But normally, a distro is meant to keep a bunch of utilities with compatible versions for you. I just think that this way of doing things may not be appropriate for building software, and if you look at how Nix does it, for example, you can see that they break up with the traditional Linux distro system and let you have multiple environments with different libraries installed - and you can totally pin everything to make sure it will work forever (or until the sources/binaries can be fetched).
Yeah but I assume that you'd be pinning the base image, in addition to whatever you apt install. If I install, let's say Debian 6, can I use `apt install package=version ` to install the 2011 versions of most packages?
Though, I haven't used Debian-based distros in a while, but does apt actually serve really old versions of its packages? I vaguely seem to remember that you could realistically only `apt install` the last few versions of a package.