I was looking at the Docker images used to build the python images used in MetaBrainz projects, and found a number of things that can be changed to improve the way that the images are built, and some bugs in the current images:

From https://github.com/metabrainz/docker-python/blob/3714f5552440a27bfde5404a7a2a846d9412427d/2.7/Dockerfile

• Python 2.7.15 is out, we can do an upgrade
• Pip has a new version out too!
• The GPG key used to sign the version of python in this Dockerfile (2.7.12) seems to have disappeared: C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF. If I search on the keyserver at http://ha.pool.sks-keyservers.net/ it says that it can't be found, and the build fails with a similar error: gpgkeys: key C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF can't be retrieved
• sqlite development headers aren't installed (libsqlite3-dev), so the resulting python has no native sqlite support (this is needed in ipython for history, for example)
• readline development headers aren't installed (libreadline6-dev), meaning history doesn't work in the regular python shell either
• Cleanup is done in a separate layer (https://github.com/metabrainz/docker-python/blob/3714f5552440a27bfde5404a7a2a846d9412427d/2.7/Dockerfile#L64), which means that things like the source/build directory is actually included in the size of the resulting image, even though it's been removed. We could move this cleanup to after the python build.
• Similarly, removing build dependencies from apt will "remove" the packages from the system, but they will still occupy disk space from a previous layer. Consider moving this after the compilation step