tl;dr: "...it is clear that distribution of these images may open both the users and the publishers of these images to public repositories to legal action."
If you build your own images that include the Oracle JDK, host them in a private registry, and don't distribute them to 3rd parties you are probably fine. Otherwise, you may be in violation.
I am definitely not a lawyer, but I don't see how this is something specific to docker. Wouldn't this apply to VMs as well?
The difference with a VM image (or an .iso, for that matter) is that it contains both your program and the JRE in the same deployable unit, which is what the license permits.
Docker containers, by contrast, store each layer separately, so that you can build up a runtime by overlaying multiple layer elements. Each software install results in its own layer being created and then pushed independently. This allows deltas to be shipped more efficiently since they only store the changes for each layer. However it now means that you're shipping the JRE separately from your application, which is against the rights given by the license.
If you use OpenJDK you can end up with an unknown version of Java - specifically whatever Debian or Canonical happened to pull from the source tree and ship, which in some cases have been automated top-of-tree pulls before.
See for example:
github.com/docker-library/openjdk/commit/00a9c5...
If you build your own images that include the Oracle JDK, host them in a private registry, and don't distribute them to 3rd parties you are probably fine. Otherwise, you may be in violation.
I am definitely not a lawyer, but I don't see how this is something specific to docker. Wouldn't this apply to VMs as well?