11.1.1.2 Maintained Source Trust
A focused guide to Maintained Source Trust, connecting core concepts with practical Docker and container operations.
Maintained source trust is the principle that an image's trustworthiness depends significantly on whether it is actively maintained, receiving timely security patches and updates, rather than solely on its origin or its reputation when it was first published.
Why Active Maintenance Matters More Than a Past Reputation
An image that was well regarded and actively maintained two years ago, but has not been updated since, no longer carries the same basis for trust, because any vulnerabilities discovered in its packages since then remain unaddressed.
docker pull someuser/once-popular-tool:1.0
Checking this image's actual last-updated date reveals whether its current state still reflects active, trustworthy maintenance, or whether it's effectively abandoned despite an earlier good reputation.
Checking an Image's Recent Update History
Most registries display when a given image tag was last pushed, providing a direct signal of how current its maintenance actually is.
docker pull node:20-alpine
A recently updated official image like this reflects ongoing, active maintenance, in contrast to an image whose last update was years in the past.
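For an image that is already pulled, the creation timestamp in its config gives a local age signal to set beside the registry's last-pushed date. The script below is an added example, not part of the original guide: it turns that timestamp into a current, stale, or unknown verdict. The function names, the 90-day default threshold and the sample timestamp are assumptions, the script relies on GNU `date -d`, and `.Created` records build time, not the time the tag was pushed.

```shell
#!/bin/sh
# Added example (not from the original page): classify an image as
# current, stale, or unknown from the creation timestamp in its config.

# image_age_days CREATED_RFC3339 NOW_EPOCH
# Prints the age in whole days; fails when the timestamp carries no signal.
image_age_days() {
    ts=${1%%.*}                       # drop fractional seconds
    ts=${ts%Z}                        # drop the UTC designator
    ts=$(printf '%s' "$ts" | tr 'T' ' ')
    [ -n "$ts" ] || return 1          # empty input, e.g. inspect failed
    created=$(date -u -d "$ts" +%s 2>/dev/null) || return 1
    # Some build tools pin the timestamp to the epoch for reproducibility;
    # that value says nothing about maintenance.
    [ "$created" -gt 0 ] || return 1
    echo $(( ($2 - created) / 86400 ))
}

# maintenance_status CREATED_RFC3339 MAX_AGE_DAYS [NOW_EPOCH]
maintenance_status() {
    now=${3:-$(date -u +%s)}
    if ! age=$(image_age_days "$1" "$now"); then
        echo "unknown"
    elif [ "$age" -gt "$2" ]; then
        echo "stale (${age}d)"
    else
        echo "current (${age}d)"
    fi
}

# Constructed sample (not a real image's timestamp):
#   maintenance_status '2022-03-01T00:00:00Z' 90 1717200000   # -> stale (823d)

# With an image reference as argument, check a locally pulled image:
#   sh image-age.sh node:20-alpine 90
if [ "$#" -ge 1 ]; then
    maintenance_status "$(docker inspect --format '{{.Created}}' "$1")" "${2:-90}"
fi
```

An "unknown" verdict means the timestamp cannot be used, so fall back to the registry's last-pushed date and the linked source repository.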
Why a Linked, Active Source Repository Strengthens This Signal
An image whose Docker Hub listing links to an actively maintained source code repository provides additional confidence that the image genuinely reflects ongoing development, rather than being an orphaned, unmaintained artifact.
docker pull someuser/actively-maintained-tool:2.1
Checking this image's linked source repository for recent commits and issue activity provides further confirmation of genuine, ongoing maintenance.
Why Maintained Source Trust Matters
An image's trustworthiness should be evaluated on its current, ongoing maintenance status, not just its origin or a past reputation. This is an important, dynamic consideration that should be reassessed periodically, since a previously trustworthy image can become considerably less so if its maintenance has since lapsed.