I don’t have in-depth knowledge of the differences and how big that is. So take the following with a grain of salt.
My main point is that using containerization is a huge security improvement. Podman seems to be even more secure. Calling Docker massively insecure makes it seem like something we should avoid, which takes focus away from the enormous security benefit containerization gives. I believe Docker is fine, but I do use Podman myself, but that is only because Podman desktop is free, and Docker files seem to run fine with Podman.
Edit: After reading a bit I am more convinced that the Podman way of handling it is superior, and that the improvement is big enough to recommend it over Docker in most cases.
Not only that but containers in general run on the host system’s kernel, the actual isolation of the containers is pretty minimal compared to virtual machines for example.
It amused me that the votes on your comment (a simple factual statement) reflect how many people here vote without knowing what the fuck they’re talking about.
Isn’t Docker massively insecure when compared to the likes of Podman, since Docker has to run as a root daemon?
I prefer Podman. But Docker can run rootless. It does run under root by default, though.
I don’t have in-depth knowledge of the differences and how big that is. So take the following with a grain of salt.
My main point is that using containerization is a huge security improvement. Podman seems to be even more secure. Calling Docker massively insecure makes it seem like something we should avoid, which takes focus away from the enormous security benefit containerization gives. I believe Docker is fine, but I do use Podman myself, but that is only because Podman desktop is free, and Docker files seem to run fine with Podman.
Edit: After reading a bit I am more convinced that the Podman way of handling it is superior, and that the improvement is big enough to recommend it over Docker in most cases.
Not only that but containers in general run on the host system’s kernel, the actual isolation of the containers is pretty minimal compared to virtual machines for example.
It amused me that the votes on your comment (a simple factual statement) reflect how many people here vote without knowing what the fuck they’re talking about.
I think many of the people don’t understand the difference between containers vs VMs
… With the tradeoff being containers much more lightweight and having much less overhead than VMs…
What exactly do you think the vm is running on if not the system kernel with potentially more layers.
Virtual machines do not use host kernel, they run full OS with kernel, cock and balls on virtualized hardware on top of the host OS.
Containers are using the host kernel and hardware without any layer of virtualization