[vkjv]

tl;dr: "...it is clear that distribution of these images may open both the users and the publishers of these images to public repositories to legal action."

If you build your own images that include the Oracle JDK, host them in a private registry, and don't distribute them to 3rd parties you are probably fine. Otherwise, you may be in violation.

I am definitely not a lawyer, but I don't see how this is something specific to docker. Wouldn't this apply to VMs as well?

[teraflop]

Sure, but the default Docker registry is public, and Docker encourages you to create and publish images without any mention of copyright.

The same argument applies to e.g. EC2 machine images, but AMIs are private by default.

[alblue]

The difference with a VM image (or an .iso, for that matter) is that it contains both your program and the JRE in the same deployable unit, which is what the license permits.

Docker containers, by contrast, store each layer separately, so that you can build up a runtime by overlaying multiple layer elements. Each software install results in its own layer being created and then pushed independently. This allows deltas to be shipped more efficiently since they only store the changes for each layer. However it now means that you're shipping the JRE separately from your application, which is against the rights given by the license.

[imtringued]

I am not a lawyer either but it all boils down to distributing JRE + your software is okay but distributing the JRE alone is not.