• corsicanguppy@lemmy.ca
    2 days ago

    I do wish containers would become first class citizens like the OS, because some stuff is just harder in containers.

    Like, for instance, security and validation against a SBoM. And that’s why this container shit needs.to.die. But, downvote and move on, and hope by the time you need it the machine that goes ‘beep’ by your hospital bed is built using methods better than “this will look great on my resume.”

    • chaospatterns@lemmy.worldOP
      2 days ago

      Containers can provide SBoMs too, and in comparison to HA OS, which is what the comment was referring to, container and core give you better control over the application, allowing for more security mechanisms. Comparing container vs core for security is interesting 'cause container gives you some security features for free, like seccomp, cap drops, namespacing, etc., which you don’t get for free with core.

      I find the claim that core is more secure than a container because it has an SBoM dubious, but maybe you’re talking generally about containers vs distro package managers, which is a different point, but SBoM isn’t the only thing that makes something secure/stable.
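
One way to check whether a given process actually has the seccomp filter and capability drops mentioned in the reply above, as an added example that is not part of the thread: it parses the text of `/proc/<pid>/status`. The two status samples are constructed, and the list of high-risk capabilities is this example's own choice.

```python
import re

# Capability bit numbers from linux/capability.h; only high-impact ones are named.
HIGH_RISK_CAPS = {
    2: "CAP_DAC_READ_SEARCH", 12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 25: "CAP_SYS_TIME", 39: "CAP_BPF",
}
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

def parse_status(text):
    """Extract seccomp mode and capability sets from /proc/<pid>/status text."""
    fields = dict(re.findall(r"^(\w+):\s*(\S+)", text, re.MULTILINE))
    eff = int(fields["CapEff"], 16)   # capabilities the process can use now
    bnd = int(fields["CapBnd"], 16)   # upper bound it can ever regain
    return {
        "seccomp": SECCOMP_MODES.get(int(fields.get("Seccomp", 0)), "unknown"),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
        "cap_count": bin(bnd).count("1"),
        "risky_effective": sorted(n for b, n in HIGH_RISK_CAPS.items() if eff >> b & 1),
    }

def findings(report):
    """Return human-readable gaps; an empty list means the basics are in place."""
    out = []
    if report["seccomp"] == "disabled":
        out.append("no seccomp filter")
    if not report["no_new_privs"]:
        out.append("no_new_privs not set")
    out += [f"holds {cap}" for cap in report["risky_effective"]]
    return out

# Constructed samples (not captured from a real system).
CONTAINER_STATUS = """NoNewPrivs:\t0
Seccomp:\t2
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""
HOST_ROOT_STATUS = """NoNewPrivs:\t0
Seccomp:\t0
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""

if __name__ == "__main__":
    for label, text in (("container", CONTAINER_STATUS), ("host root", HOST_ROOT_STATUS)):
        print(label, findings(parse_status(text)))
```

On a live system the same functions can be fed the contents of `/proc/<pid>/status` for the process of interest.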