Pin image versions explicitly to a release tag DOK-DL3007
Bug risk
Major
Using the latest tag can cause breakages when a new version of an image is released. You can never rely on the assumption that the latest tag points to a specific version of an image.
It is recommended to always use a specific tagged image, e.g. ubuntu:12.04. That way you always know exactly what variant of an image is being used.
Bad Practice
FROM debian:latest
Recommended
FROM debian:jessie