Do you know what’s in your container?

1. What you do in order to know what’s in your container? e.g. Do you you know what

2. FROM Ubuntu

3. pulls in?

Reproducibility

1. How do you create off-line container builds?

2. How do you build the same container multiple times bit-identical?

Open Source License Compliance

1. You potentially distribute the same package in different versions in different container layers. How you deal with this?

2. You need to provide “corresponding sources”, “license text” and various other things. How you do that?