- However, Pulumi has a few downsides:
- You have to install the language runtimes and dependencies for the language you're using
- The code has to run on the server that's managing the infrastructure
This sounds reasonable at first, but then you come to the shocking realization that code that runs on the host machine can do literally anything it wants. This means that if a dependency gets popped, your infrastructure is now compromised and likely has cryptocurrency miners running on it.
can't you just put whatever you use to manage infrastructure in a docker container / appimage / whatever and be free of "what if dependencies contain cryptominers" problem?
