

LXC containers are awesome, but Docker.io sucks - Alupis
http://iops.io/blog/lxc-application-containers-docker-initial-thoughts/

======
markbnj
This article is a year old, and was based on early development versions of
Docker. It's not a good basis for discussion of the current version's pros and
cons.

~~~
Alupis
It's actually less than a year old -- but I think that point is more
important...

the Docker.io team is forcing their way into the Linux community egregiously
fast by being everywhere in every discussion always, sometimes even spreading
FUD about things their product might do in the future... and... their project
is barely a year old now yet calls itself "enterprise ready". The Linux
community really needs to pump the brakes on this one...

~~~
wmf
Maybe it's comforting to think that somehow the Docker people strong-armed the
whole world (maybe they're part of the Lennart conspiracy), but realistically
they're not that powerful. People are adopting Docker because they actually
like it.

~~~
Alupis
Except that a great many people are using it for the wrong reasons, mostly
mistakenly thinking Docker somehow is providing huge security benefits to
them, when it really is not. Docker (and all containers for that matter) are
about application portability... the running applications can still modify
your rootfs by design -- it is not a "super chroot" that some people think it
is. The worst part is when Docker employees come on and start feeding this
fire with promises about future features, etc., people read them as if it's
like that today.

~~~
SEJeff
"citation needed", Solomon Hykes (HN username: shykes) has been OVERLY
forthright about container security. I could easily find a dozen posts showing
so, but don't think you can find 2 to the contrary.

~~~
SEJeff
And for other people reading, this is from the Docker project founder:

[https://news.ycombinator.com/item?id=7910117](https://news.ycombinator.com/item?id=7910117)

"""Docker will soon support user namespaces, which is a great additional
security layer but also not a silver bullet! When we feel comfortable saying
that Docker out-of-the-box can safely contain untrusted uid0 programs, we will
say so clearly."""

You simply don't get any more authoritative than the guy who wrote Docker.

------
SEJeff
Seconding what markbnj said, the publish date on this article makes it not
relevant at all to the current version of Docker:

04 Nov 2013 by Cal Leeming

