In the container we just wrote, we somewhat glanced over the line RUN apt-get update -q && apt-get install -qy iputils-ping since it requires a bit of a deeper discussion here. In most Linux distributions, packages rotate in versions all the time, but the listing of these indexes that tell us where to find these is baked into the original Docker image when it gets created (ubuntu:latest in this case). Before we can install a package, in most cases, our index files have been stale for too long (if they haven't been completely removed), so we need to update them. Splitting this && joined line into two separate ones would work for that first build:

RUN apt-get update -q
RUN apt-get install -qy iputils-ping

But what happens when you add another package to that second line later, as shown in the following line?

RUN apt-get install -qy curl iputils-ping

In this case, Docker is not very smart and will consider the update line to be unchanged and will not run the update command again, so it will use the state from the cache for the update layer and then continue on to the next one that tries to install curl (since that one did change since the last build), which is likely to fail if enough versions have been rotated in the repositories as the indexes will be stale again. To prevent this from occurring, we join the update and the install commands with && so they are treated as one directive and create one layer, in which case, changing any part of either of the two joined commands will break the cache and run the update correctly. Sadly, as you get more involved with scalable Docker components, using odd tricks such as these to manage the cache and do selective cache busting will become a large part of your work.