this post was submitted on 09 Mar 2024
545 points (96.0% liked)
memes
10680 readers
2478 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Harder to accidently render insecure? My experience is the opposite, that docker style containers frequently fail to update vulnerable dependencies.
Also depending on context, I can say often the container is harder to use. Snap is probably the easiest to use of the solutions, flatpak makes cli invocation a pain, and docker style sucks entirely for interaction, but is fine if your primary interaction is via Web service once you set it up (but oh boy, adding a webui package means you get to mess with nginx or apache proxypass by hand, and each app may require subtly different parameters in proxypass).
Docker is not in a competitor for snap and flatpak. They are tackling very differend kinds of installations.
The person said "containers" so I was responding to both.
However, docker containers could stand to learn a thing or two with how flatpak and snap compose a runtime. Applications can say "allow x, y, and z dependency layers to update independent of the application container", versus the docker style of the app developer must own maintenance of the entire image.
There may be reasonable differences with respect to how much of a users "real" files and environment are presented to a container in those scenarios, and functional differences like gui and networking suggesting different defaults,, but image composition does not need differentiation for their use cases.