[richardkmichael]

Having an extensive background in *nix and network systems through the 90s and early 2000s, image maintenance is the main reason I have avoided docker until recently (just not having time to investigate). One major reason to pay an OS vendor (e.g. RHEL) is to "outsource" security and systems-integration testing, so that ops people can simply "update" (the entire dep-tree of the distribution). I don't want to bring all that effort in-house, especially if I'm still paying for a vendor service contract. That said, I agree security and deployment can be eased by any form of "container" (in numerous OSes) because ops people can black-box the software while managing resource allocation, etc.

How are people handling container maintenance?

For example, I could imagine modifying SRPM spec files to also build a container (possibly even statically linked binaries inside). Then I can vendor update, and rebuild all the containers I need from SRPM; not much more complicated than `rpmbuild postgressql`, and re-deploy the emitted postgres container.