I’m talking not only about trusting the distribution chain but about the situation where some services dont rebuild their images using updated bases if they dont have a new release.
So per example if the particular service latest tag was a year ago they keep distributing it with a year old alpine base…
Yes, because I mostly like to have my services built in a Debian container inside my Proxmox environment. If I’m running it in Docker, there’s a good chance it’s temporary/PoC, and in that case I do not rebuild or anything, I run it for whatever purpose it serves and then it either goes away or gets migrated to a handcrafted Debian container.