Next evolution, just a one line bash script.

  • JasonDJ
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    11 months ago

    If it’s an open-source project, usually the dockerfiles are available for reading.

    Do you audit every line of code that you run in production? If you are trying some new python/django/sql app, are you reviewing all that?

    I’d assume with a python based project, you’d be able to at least look at requirements and tell there’s something that sets off red flags. And you are either familiar/trust the maintainer, or you are reviewing the actual python itself?

    Beyond that, the dockerfile is essentially just installation instructions for getting it running on a virgin system of X distribution. I wouldn’t call that a black box.

    If the container isn’t part of an open source project, then this is a moot point then. The project itself is a black box.

    • zaphod@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      11 months ago

      You do you. Speaking for myself, I prefer to understand and be able to trivially inspect and modify the moving parts in the things I deploy so I have a snowball’s chance in hell of debugging and fixing things when something inevitably goes wrong.

        • zaphod@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          And all I see is someone taking this conversation way too personally.

          • JasonDJ
            link
            fedilink
            arrow-up
            1
            arrow-down
            3
            ·
            11 months ago

            You sound like someone who doesn’t want to save 10 minutes of work every day because it might cost you half an hour every month.