Docker

Made by DeepSource

Pin versions in pip DOK-DL3013

Bug risk
Major

Version pinning forces the build to retrieve a particular version regardless of what’s in the cache. This technique can also reduce failures due to unanticipated changes in required packages. You can read more about version pinning here.

Bad Practice

FROM python:3.4
RUN pip install django
RUN pip install https://github.com/Banno/carbon/tarball/0.9.x-fix-events-callback

Recommended

FROM python:3.4
RUN pip install django==1.9
RUN pip install git+https://github.com/Banno/[email protected]

References

You can also specify the requirements in a text file and pass it to pip as shown here.
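The rule above, sketched as a small checker run over the page's Bad Practice and Recommended lines (an added example, not hadolint's or DeepSource's implementation). The function names and the `EXAMPLE_TAG` ref are assumptions made for illustration, and only shell-form `RUN` instructions with `pip install` or `python -m pip install` are recognised.

```python
import re
import shlex

# Added example, not hadolint or DeepSource code. SAMPLE is constructed and
# EXAMPLE_TAG is a placeholder ref, not a real release of the project.
PINNED = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?==[^=,]+$")  # name==version
VCS_PINNED = re.compile(r"^(git|hg|svn|bzr)\+.+@[^@/]+$")  # vcs+url@ref
OPTS_WITH_ARG = {"-r", "--requirement", "-c", "--constraint", "-i",
                 "--index-url", "--extra-index-url", "-f", "--find-links"}
SAMPLE = """FROM python:3.4
RUN pip install django
RUN pip install https://github.com/Banno/carbon/tarball/0.9.x-fix-events-callback
RUN pip install django==1.9 && \\
    pip install --no-cache-dir git+https://github.com/Banno/carbon@EXAMPLE_TAG
RUN pip install -r requirements.txt
"""

def logical_lines(text):
    """Yield (first_line_number, joined_line), folding backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def unpinned_pip_packages(dockerfile_text):
    """Return [(line_number, requirement)] for pip install args without a pin."""
    findings = []
    for n, line in logical_lines(dockerfile_text):
        if not line.strip().upper().startswith("RUN "):
            continue
        for cmd in re.split(r"&&|\|\||;", line.strip()[4:]):
            tokens = shlex.split(cmd)
            i = tokens.index("install") if "install" in tokens else 0
            if i == 0 or not re.fullmatch(r"pip[\d.]*", tokens[i - 1]):
                continue
            skip = False
            for tok in tokens[i + 1:]:
                if skip or tok in OPTS_WITH_ARG:
                    skip = not skip  # an option's value (e.g. -r file) is not a package
                elif not (tok.startswith("-") or PINNED.match(tok) or VCS_PINNED.match(tok)):
                    findings.append((n, tok))
    return findings

if __name__ == "__main__":
    for n, req in unpinned_pip_packages(SAMPLE):
        print(f"line {n}: unpinned pip requirement: {req}")
```

The check accepts any ref after `@`, so a branch name passes even though a branch can still move; only a commit hash is immutable. Requirements files passed with `-r` are skipped here and need the same pinning check applied to their contents.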