Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Boycott Docker (boycottdocker.org)
32 points by 88e282102ae2e5b on June 12, 2015 | hide | past | favorite | 7 comments


IMO, "Boycott" is the wrong term here. This is making an argument that Docker is bad due to Docker-inherent technology decisions. If that's true, those are the reasons not to use it.

Boycotts are reasons to not use a product for external reasons. i.e. not buying an otherwise-awesome car because the manufacturer used slave labor in the past.

(I personally hate containers and am way more into hardware-assisted virtualization, but I'm an outlier, and this is orthogonal to whether "boycott" is the right term here.)


Though I agree in principal with what is trying to be said it's unfortunate that it's wrong in several places.

For instance, Docker doesn't enforce you to run a single process per container. It simply requires you to provide it with one root process. This is true for all *nix systems, if you wanted to you could give it /sbin/init (or busybox, or systemd, or a custom supervisor) and launch SSH, NTP and friends under that.

All true on the networking front, things really do suck there out of the box. I would recommend looking at flannel with the native VXLan backend to reduce said suckage.

The storage stuff is made somewhat ok by the ability to pass volumes or entire storage devices in, which is what you should be doing for anything performance sensitive.


Docker is here to stay with backing from large vendors.

The problems stated can and will be resolved as they evolve.

Personally, I use freebsd jails which is much better than docker. But if someone wants to use Docker, why not?

Regardless, I don't feel like containerization is not going anywhere.


I don't think the problems the OP mentioned will resolve. Docker is fairly opinionated and so are the authors of it.

If the shoe fits; use it. But Docker is not a 1 size fits all;

  If the idea of trusting a ubuntu image that is debootstrapped from someone on the docker team huzzah
  If the idea of not running being able to run apt-get upgrade and having up to date packages; does not bother you then Docker is for you.
> Note I use Docker and it pains me to keep using it. I feel like I could be trusting Jack the Ripper; or the Pope.


They are not really problems. Your vendor should roll you new images when the software running in your container poses a security risk.

You always have to trust your vendor. And if you don't you can always roll your own docker images using the Dockerfile in their github repo.


The problem is that as Docker hub doesn't support digital signing of images uploaded to it, you are always trusting docker as well as the provider of the image, as anyone who has access (authorised or unauthorised) to their platform can just change the image.


    Docker is vendor lock-in technology
This I do not understand. For me, one of Docker's selling points is easily being able to deploy/move containers, even to my own hardware (if I am running the daemon).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: