Do you know what’s in your container?
-
What you do in order to know what’s in your container? e.g. Do you you know what
-
FROM Ubuntu
-
pulls in?
Reproducibility
-
How do you create off-line container builds?
-
How do you build the same container multiple times bit-identical?
Open Source License Compliance
-
You potentially distribute the same package in different versions in different container layers. How you deal with this?
-
You need to provide “corresponding sources”, “license text” and various other things. How you do that?