The real questions:
- can you trust a container to be available in the future the same
extent that you can trust a package in a stable Linux distribution?
- can you trust upstream developers to ensure they never put anything
non-free into their container images or does somebody have time to
verify the contents of those images on every update?
When you take something from an official package, it has usually been
looked at by a second set of eyes already. If you cut that step out
then how long is it before non-free stuff creeps in?