1101 points codesmash | 1 comments
Hizonner No.45138382
I don't know how podman compares to docker in terms of performance, and I do know that rootless containers can be a real pain.

But Docker is simply a non-starter. It's based on a highly privileged daemon with an enormous, hyper-complicated attack surface. It's a fundamentally bad architecture, and as far as I've been able to tell, it also comes from a project that's always shown an "Aw, shucks" attitude toward security. Nobody should be installing that anywhere, not even if there weren't an alternative.

1. sroerick No.45151417
I could not agree more with this, and I am baffled by most of the tech scene's complete ignorance of security in this regard.