That’s great, I didn’t even know that Yunohost was blocked by our lack of documentation.
I simply made a comment in the thread you linked haha
Considering how many apps use Docker nowadays, it really surprises me that they wouldn’t support it. There’s that linuxserver Docker repository that’s packaged hundreds of applications for Docker.
Docker is really bad for security and adds a lot of unnecessary complexity.
Docker is not bad for security, unless you do insecure things like exposing your Docker socket or running random workloads as root; however, those are just as insecure under systemd.
It has some weird behaviour, for example ufw rules don’t apply to Docker.
This is not insecure. It is surprising if you don’t know how containers work, but in a real deployment you’d only bind to localhost and use a reverse proxy and that is perfectly safe.
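An added example, not part of any comment in this thread: a Python check for the ufw and localhost-binding point above. It classifies Docker Compose short-syntax `ports` entries by host address, so entries published on all interfaces (which Docker exposes through its own iptables rules rather than ufw's) stand out from ones bound to loopback for a reverse proxy. The service names and port values are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: service name -> Compose short-syntax "ports" entries.
SAMPLE = {
    "web": ["127.0.0.1:8536:8536"],        # loopback only, for a reverse proxy
    "ui": ["1234:1234"],                   # no host IP given
    "db": ["0.0.0.0:5432:5432/tcp"],       # explicit wildcard address
    "metrics": ["[::1]:9100:9100", "9101"],
}


def classify_port(spec: str) -> str:
    """Classify one short-syntax port entry by the host address it binds."""
    mapping = spec.split("/", 1)[0]        # drop a trailing "/tcp" or "/udp"
    # From the right: container port, host port, then whatever remains is the
    # host IP. This also copes with unbracketed IPv6 such as "::1:6000:6000".
    parts = mapping.rsplit(":", 2)
    if len(parts) < 3 or parts[0] == "":
        return "all-interfaces"            # no host IP: published on every interface by default
    ip = ipaddress.ip_address(parts[0].strip("[]"))
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-interface"


def audit(services: dict[str, list[str]]) -> list[tuple[str, str, str]]:
    """Return (service, entry, kind) for every entry not bound to loopback."""
    findings = []
    for name, ports in services.items():
        for spec in ports:
            kind = classify_port(spec)
            if kind != "loopback":
                findings.append((name, spec, kind))
    return findings


if __name__ == "__main__":
    for name, spec, kind in audit(SAMPLE):
        print(f"{name}: {spec!r} is published on {kind}")
```
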
Docker runs the whole daemon as root and has a large attack surface. Also, it has a lot of footguns that can mislead the user. Its security track record speaks for itself: https://www.cvedetails.com/product/28125/Docker-Docker.html?vendor_id=13534
How is this different from, say, systemd? It runs as root and has a larger attack surface.
The link you pointed out has every CVE for every application packaged as a Docker image. Would you make the same point that APT or AppImage is insecure because there are insecure applications packaged that way?
It’s very different because systemd does way more things than running containers. Also, this is whataboutism.
You could scan through the list and check for yourself which ones are due to Docker itself. Besides, I updated the link to filter out the spurious CVEs.
I would not… unless the tool itself was actively encouraging bad security practices, for example bundling dependencies, as Docker/AppImage/Flatpak/Snap do.
Hey, that’s cool that someone formatted them for the Lemmy docs… I think I’ll have to get in there and try and push some updates. Heh, I also see mention of things like “respective authors” with no authors mentioned. I’ll try and get some changes merged soon.