docker is the kind of software that i dont really have Strong Criticisms of but still refuse to use because im doing fine without it and also it has Enterprise Vibes

Follow

@AgathaSorceress

Last I used it (disclaimer: long ago), there was literally no way to pull an image by hash, or even to verify that an image has a particular digest. The only way not to trust the image store was to use signing, which is kinda weird if you _already_ have a way to pass something from the build process to the machine that will use the software in a trustworthy fashion.

I'm not sure if that would count as a Strong Criticism. I would tend towards yes, because apart from the direct issues caused by that it makes one doubt the way the software gets designed (it really smells of someone implementing a "we must have signing" requirement).

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.