Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't think the problems the OP mentioned will resolve. Docker is fairly opinionated and so are the authors of it.

If the shoe fits; use it. But Docker is not a 1 size fits all;

  If the idea of trusting a ubuntu image that is debootstrapped from someone on the docker team huzzah
  If the idea of not running being able to run apt-get upgrade and having up to date packages; does not bother you then Docker is for you.
> Note I use Docker and it pains me to keep using it. I feel like I could be trusting Jack the Ripper; or the Pope.


They are not really problems. Your vendor should roll you new images when the software running in your container poses a security risk.

You always have to trust your vendor. And if you don't you can always roll your own docker images using the Dockerfile in their github repo.


The problem is that as Docker hub doesn't support digital signing of images uploaded to it, you are always trusting docker as well as the provider of the image, as anyone who has access (authorised or unauthorised) to their platform can just change the image.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: