The phrase "many eyes gives better security" works in the open source world extremely well ... as long as you can make sure that all parts of the security model are available for independent review.

As soon as you hide any part of that, the "many eyes" security model no longer applies. Docker hides part of that process when they create the docker image and do not make available the vendor image from which the docker image was created.

I've been finding that physics simulations that tax a GPU are very taxing on a virtual system in KVM when you don't have a GPU passthrough.

NVidia created their own Docker image that allows this seamlessly. I worry though that the Docker infrastructure is to be cavalier about the signing process for what gets to be part of an official image. For example Nvidia does not sign their docker images.

https://gitlab.com/nvidia/container-images/cuda/-/issues/108#note_502102151

The power of Open Source technology is the ability to delve deeply into the guts of a released project to see what's happening behind the scenes. That usually requires not just downloading the completed packages and looking at the code, but replicating the process used to create the packages and seeing if you get the same thing on an independent system.

Ubuntu does an excellent job of setting a trust chain that can be tracked all the way down to the original code both with hashes and signatures. You can follow the base code signature and hashes all the way up to the final signed/hashed distribution.  How about docker?