Initiative
Resolution: Unresolved
While @jrusz and I were talking with @rogue about the security exception(s) that we need for IBM, @rogue noted that quay.io/aippc/base-images was not approved to be used as a 'base image' (our naming is confusing).
There have been some preliminary discussions in https://gitlab.cee.redhat.com/releng/konflux-release-data/-/merge_requests/6121
@jrusz did point out that while we are doing internal konflux builds and the content is pushed to quay.io/aipcc, we do not publicly release our AIPCC images. The images we produce are only shipped as part of other products.
@rogue's concern is primarily that we are not doing hermetic reproducible builds AFAICT, and that we might be pulling in random things from the internet that we should not be doing. I also suspect he is worried about security scans.
We need to have discussions with Prod Sec about our images to make sure they understand what we're building and how we're building it.
- duplicates: AIPCC-1125 konflux hermetic builds of RH AI images
- Refinement