[sdoering]

As far as I understand 'below' the application layer there is usually a basic image (like alpine) in docker? Do these first parties maintain these as well? If not the trust chain just got longer.

I would call myself at least somewhat technically capable. But I actually never grasped docker beyond the 'I can pack an image and deploy it to AWS' stage so that I can access an internal tool I built at work over the internet.

I was not really understanding what I was doing and was more or less blindly following some tutorials on the net.

When building and deploying things to the shared hosting environment I use privately I have a better (albeit far from perfect) understanding of what I am doing while I know that I am trusting the underlying infrastructure and the people behind that.