Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> your post has big “they’re holding the iPhone wrong!” vibes

More like "it just isn't meant to be used for that". At least not in the default configuration, and that's fine!

> seemingly ignores the historic reasons that people would think it provides security

I've been using docker since it was announced. People have always been very clear that docker is not a security boundary, at least not with its default configuration.



> People have always been very clear that docker is not a security boundary, at least not with its default configuration.

I’ve also used it since the beginning and that’s some mighty strong revisionism.

Docker was compared to VMs — with a tiny asterisk of fine print that it’s not actually configured to employ security features it’s built with.


> Docker was compared to VMs

By certain people, yes. They have always been wrong. Never by the docker team themselves.


I think your point is valid. Docker was indeed all about developer productivity in the beginning and it's up to infrastructure operator to lock it down.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: