The current central registry is hard-coded in docker's source code and every other docker registry is a second class citizen. That means it's quite easy to push images which contain confidential data or code to a public registry by accident.
Possible solutions:
- Offer docker builds without a hard-coded docker registry & make the registry URLs configurable; these docker builds would be tagged as "docker enterprise"
- Add some kind of tagging for images to disallow pushing anything based on them to the central registry & add a default registry configuration option
The second issue is that the central registry is closed source and there's no way to debug any of the issues which seem to show up every now and then when pushing images. It's a well known fact that docker is marked as "not stable / not for production use", but there seem to be all sorts of issues with the central registry - including performance, availability and other problems with image management. The team of maintainers & developers which are looking after the registry's code and the registry itself are doing everything they can, but that doesn't seem to be allowing the community to help with these issues.
Possible solutions:
- Develop a Go based docker registry with the full capabilities of the central docker registry, provide it as a ready to be deployed docker image & test the Go based registry and docker against this registry
- Open source the central registry & let the community help with its development