Insecure: Requires root rights to generate the image, which may accidentally trash your distro
It is possible to create a rootfs entirely from scratch without ever needing real root privileges. This is how (e.g.) mmdebstrap with unshared works.
Poor reproducibility: Distributions get updates continuously, leading to different outcomes when running the same command
One solution here is to set up a mirror for your packages. Most package managers also allow you to specify the exact version of packages to install, so all you have to do is export the list of packages and their dependencies after a build.
If the author reads this, thanks. These are great.
It is possible to create a rootfs entirely from scratch without ever needing real root privileges. This is how (e.g.) mmdebstrap with unshared works.
One solution here is to set up a mirror for your packages. Most package managers also allow you to specify the exact version of packages to install, so all you have to do is export the list of packages and their dependencies after a build.