Why aren't all images super-secure, or hardened?

Here’s what I learned: container base images grew up as a developer convenience tool, not as a security artifact. Installing extra packages from the command line is one of the first things any Docker tutorial teaches (Docker’s own Dockerfile guide includes apt-get install), and many of the most popular official images ship a full toolchain by default. The -slim and -alpine variants exist precisely because the defaults carry more than most workloads need, but changing those defaults would have broken enough downstream workflows that it was never going to be a routine upstream decision.

There is also an incentive split. The upstream distribution maintainers and the developers using their images are different people with different priorities.

Users want to customize and add to images: they want new functionality that didn’t come out of the box.

🔗 Why Hardened Images are Suddenly Everywhere