

Boycott Docker - 88e282102ae2e5b
http://www.boycottdocker.org/

======
rdl
IMO, "Boycott" is the wrong term here. This is making an argument that Docker
is bad due to Docker-inherent technology decisions. If that's true, those are
the reasons not to use it.

Boycotts are reasons to not use a product for external reasons. i.e. not
buying an otherwise-awesome car because the manufacturer used slave labor in
the past.

(I personally hate containers and am way more into hardware-assisted
virtualization, but I'm an outlier, and this is orthogonal to whether
"boycott" is the right term here.)

------
jpgvm
Though I agree in principal with what is trying to be said it's unfortunate
that it's wrong in several places.

For instance, Docker doesn't enforce you to run a single process per
container. It simply requires you to provide it with one root process. This is
true for all *nix systems, if you wanted to you could give it /sbin/init (or
busybox, or systemd, or a custom supervisor) and launch SSH, NTP and friends
under that.

All true on the networking front, things really do suck there out of the box.
I would recommend looking at flannel with the native VXLan backend to reduce
said suckage.

The storage stuff is made somewhat ok by the ability to pass volumes or entire
storage devices in, which is what you should be doing for anything performance
sensitive.

------
jraedisch

        Docker is vendor lock-in technology
    

This I do not understand. For me, one of Docker's selling points is easily
being able to deploy/move containers, even to my own hardware (if I am running
the daemon).

------
kayman
Docker is here to stay with backing from large vendors.

The problems stated can and will be resolved as they evolve.

Personally, I use freebsd jails which is much better than docker. But if
someone wants to use Docker, why not?

Regardless, I don't feel like containerization is not going anywhere.

------
damm
I don't think the problems the OP mentioned will resolve. Docker is fairly
opinionated and so are the authors of it.

If the shoe fits; use it. But Docker is not a 1 size fits all;

    
    
      If the idea of trusting a ubuntu image that is debootstrapped from someone on the docker team huzzah
      If the idea of not running being able to run apt-get upgrade and having up to date packages; does not bother you then Docker is for you.
    

> Note I use Docker and it pains me to keep using it. I feel like I could be
> trusting Jack the Ripper; or the Pope.

~~~
x5n1
They are not really problems. Your vendor should roll you new images when the
software running in your container poses a security risk.

You always have to trust your vendor. And if you don't you can always roll
your own docker images using the Dockerfile in their github repo.

~~~
raesene4
The problem is that as Docker hub doesn't support digital signing of images
uploaded to it, you are always trusting docker as well as the provider of the
image, as anyone who has access (authorised or unauthorised) to their platform
can just change the image.

