The Rocket containerization system

Posted Dec 4, 2014 19:38 UTC (Thu) by dlang (guest, #313)
In reply to: The Rocket containerization system by ms
Parent article: The Rocket containerization system

> From a pure design PoV, there are many things that are fairly horrible about Docker, from the inability to support deployments across several machines

This shouldn't be part of the container definition, this should be an added layer of management above that (which is what it sounds like Rocket is intending to do)

> Is it really great that there are 65,000 images in Docker hub? Do we really need 900 images just running Redis?

why in the world would you trust an image from a website that anyone can upload to? that's worse than just downloading and executing random binaries.

Now, a recipe for building an image from distro X would be reasnable (I think Fedora calls this a kickstart definition)

I agree that Docker seems to be trying to cash in on the dev-ops hype.

The Rocket containerization system

Posted Dec 11, 2014 6:08 UTC (Thu) by Mook (subscriber, #71173) [Link]

> why in the world would you trust an image from a website that anyone can upload to? that's worse than just downloading and executing random binaries.

> Now, a recipe for building an image from distro X would be reasnable (I think Fedora calls this a kickstart definition)

My understanding is that that's pretty much how the docker hub thing works; it grabs a recipe possibly with associated files, runs it on their servers, and exposes the result.

Of course, that means you should probably read that recipe and figure out if the associated files (and actions in the recipe, any downloads that does, etc.) might be dangerous before actually grabbing the image. Their last release was about vulnerabilities when pulling evil images...