There is something I still can't get about #Docker. It's the trend to distribute even small simple scripts or apps as containers.

There are definitely some cases when we have to distribute, deploy and run large complex software. And those cases are completely understandable and Docker (or any other containerisation) is good for it.

But when I see, let's say, a simple #Python tool distributed as a container, I see the same problem as with #Electron but even worse. Instead of running a browser, here we have to run almost a whole operating system in a sandbox which is almost like a virtual machine.

To me it looks like an insane overkill and overengineering.

@alexanderniki IMHO, the motivating reason is to deal with popular PyPI packages getting hijacked and replaced with credential stealers that can run without any more user interaction than the initial install.

If the concern is transitive dependencies, then venvs are enough. If the concern is malice, there are no other good lightweight containers other than docker.

There are a lot of creative efforts to create lightweight sandboxes (bash fork that can't write to file system, port to wasm, etc.).

Whalebrew turns all brew installs into containers. https://github.com/whalebrew/whalebrew

My version for Python is still pretty alpha: https://github.com/matthewdeanmartin/safe_whale
