trusted-content: restructure doi section

[dvdksn]

Description

Restructure the content on Docker Official Images, making it a section instead of a single page. Add more details about how to interpret DOI tags, and the different variants that exist.

Preview

Related issues or tickets

Closes docker-library/official-images#14346

Reviews

• Technical review
• Editorial review

[netlify]

✅ Deploy Preview for docsdocker ready!

Name	Link
🔨 Latest commit	c09ec31
🔍 Latest deploy log	https://app.netlify.com/sites/docsdocker/deploys/6618e3322d8937000875d5ea
😎 Deploy Preview	https://deploy-preview-19745--docsdocker.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[thaJeztah]

Thanks! this looks like a good start; I left some comments for consideration.

I think it would be great to (as follow-ups) start incorporating some of the content described in the "7 ways Docker Official Images help secure the software supply chain" section from the blog-post;

• outline what users can expect w.r.t. (security) updates
• properties of official images that help with a secure supply chain (SBOM, attestation, Scout, etc).

[thaJeztah]

Not sure how much history we need to preserve, but perhaps we could do an intermediate commit that only does the rename (official-images.md -> official-images/_index.md)

[dvdksn]

I did that initially but then I squashed by accident 😆 I think it's fine to leave like this.

[thaJeztah]

Perhaps not for this PR (which mostly lays the groundwork to allow adding more sections), but wondering if we should somewhere mention the common use of debian as base, and why it's chosen.

[dvdksn]

Yes that would be good. We also have this page which is related, but a little bit of an oddity in the "build" section: https://docs.docker.com/build/building/base-images/

Not sure what to do about that if anything. Just an observation... Maybe there's a home for "base images" somewhere.

[whalelines]

@thaJeztah I'm not clear on what you are getting at. The debian DOI is used as a base image in 525 DOI variants, ubuntu in 534, and alpine in 495. Interestingly, eclipse-termurin is used as a base image in 400 other DOI. So the use of debian as a base image is not markedly more common than other DOI.

[thaJeztah]

Oh, interesting; I recall it used to be debian (as a default?), but maybe that changed (debian generally considered more "stable", but ubuntu having more up to date packages)

[tianon-sso]

If we look at repositories instead of individual tags, we get a slightly different story (the point about Ubuntu still holds, but it also helps highlight that Eclipse Temurin is a special case because Java is, not because Temurin itself really is):

$ bashbrew children --uniq debian | cut -d: -f1 | sort -u | wc -l
66
$ bashbrew children --uniq ubuntu | cut -d: -f1 | sort -u | wc -l
45
$ bashbrew children --uniq eclipse-temurin | cut -d: -f1 | sort -u | wc -l
23

[whalelines]

Thanks for adding this. I've provided a few changes you are free to ignore.

[dvdksn]

thanks for all the suggestions @whalelines 🎉 I've incorporated them

[tianon-sso]

So it doesn't get lost, we do have a community request to dig more into this: docker-library/official-images#14346

[tianon-sso]

The way I usually explain to maintainers for how to choose which variant to put latest on is "Which image would you suggest users should use if they have no idea or are unfamiliar with the underlying software?" (which I think more clearly highlights why ubuntu:latest is the latest LTS, not the latest release 👀)

[tianon-sso]

Just one really minor nit; thank you! ❤️

[whalelines]

@dvdksn could you add a 'Closes docker-library/official-images#14346' in the description of this PR please?

[whalelines]

I've made a few suggestions.

[dvdksn]

thanks again @whalelines :-)

[bader1000]

Hello