nixos/doc/releases: Do not tag the release #124364
Closed
Commits on May 25, 2021
-
nixos/doc/releases: Do not tag the release
I have seen a customer use the release tag as a pinned version and the same can happen in flake input urls or similar input configs, like `niv --branch`. This results in a out of date version of the _all_ system packages, putting users at risk of security vulnerabilities and other issues that are addressed during the lifetime of a Nixpkgs/NixOS release. So clearly the tag poses a risk, but does it have a benefit? I don't think so. It does not name the branch-off point, so we don't need it for git operations. It does not represent the best or canonical version of the release either, as further fixes always occur after the release date. If it were the case, we'd tag all channel updates, but we don't, so for the same reasons, we should not tag the release.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.