Chapter 5: Nano Project (Refactor) - clarification

ashraf.fouad

Hello,
I was having different thought process when I was solving Chapter 5 - "Nano Project (Refactor)".

The whole idea:
Instead of picking a java image which I don't know the exact version of what I should be running at this point in time, is to check the Dockerfile for the maven image we have built and thought of using the same image but prior to installing maven, so I get full compatibility, and I don't need to worry about any Java version with the code.

So, I navigated to Maven Dockerfile for latest tag

I thought if I can build my run image from an image starting from step 8, I will be having maximum compatibility of Java and accurately run my image. Tracing from step 1 I found they started with a specific file that I can't get

ADD file:11157b07dde10107f3f6f2b892c869ea83868475d5825167b5f466a7e410eb05 in / 

So, my questions are:
1- Does my thought process make sense?
2- Is it doable to start from step 8? If yes, can you guide me on how to do it?
3- My main focus is not on refactoring but rather on the risk in the corporate world. If I'm a company/enterprise, and vendors provide their images to me all the time, shouldn't I review such images? understand its sources? Sorry, I'm coming from an enterprise background so I know we should have a list of approved OS, software, ... etc as an example, you were showing example running Tomcat, while I have JBoss as approved software, this will imply a risk for me as a company.

Sorry, the question is rather long, but containers are quite interesting and imply lots of cultural changes to the environment, and I'm trying to understand and relate them to my work.