Comment by yjftsjthsd-h 13 hours ago
> Meanwhile here I am on my Linux machine, constantly anxious that sooner or later one of my bazillion npm and pip dependencies will get compromised, and secretly praying that one day proper sandboxing and an Android-security model will be common on the Linux desktop, so that I can erect security boundaries between my applications and repositories.
Why wait? You can shove your pip/npm uses into Docker/Podman and remove 90% of the attack surface today. (Provided you don't map your home directory into the containers.)
Docker is not a security barrier. There have been plenty of container escape attacks in the past, and plenty more to come.
But I agree it might remove the 90%.
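A sketch of the setup discussed in this thread, as an added example that is not from any of the commenters: a POSIX shell wrapper that runs a package-manager command under rootless Podman with only the project directory mounted, and refuses any path that is, or contains, the home directory. The function names, the `SANDBOX_IMAGE` and `SANDBOX_DRY_RUN` variables, the `/work` mount point and the default image are assumptions chosen for illustration; as the reply notes, this narrows what a compromised dependency can reach rather than forming a hard boundary.

```shell
#!/bin/sh
# Added example (not from the thread). Names and defaults are hypothetical.

# Print the canonical path of $1, or fail if it is missing, is $HOME,
# or is an ancestor of $HOME (mounting it would expose the home directory).
safe_project_dir() {
    cand=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    home=$(cd "$HOME" 2>/dev/null && pwd -P) || return 1
    case "$home/" in
        "${cand%/}/"*) return 1 ;;   # cand is $HOME, a parent of it, or /
    esac
    printf '%s\n' "$cand"
}

# sandbox_run PROJECT_DIR CMD [ARGS...]
# Runs CMD in a throwaway container that sees only PROJECT_DIR as /work.
sandbox_run() {
    proj=$(safe_project_dir "$1") || {
        echo "refusing to mount '$1': missing, is \$HOME, or contains \$HOME" >&2
        return 1
    }
    shift
    # Network stays enabled because installs need to reach the registry.
    set -- podman run --rm \
        --cap-drop=ALL --security-opt=no-new-privileges \
        --userns=keep-id \
        -v "$proj:/work" -w /work \
        "${SANDBOX_IMAGE:-docker.io/library/node:lts}" "$@"
    if [ "${SANDBOX_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"           # show the command instead of running it
    else
        "$@"
    fi
}

# Usage (constructed paths):
#   sandbox_run ~/src/myapp npm ci
#   SANDBOX_IMAGE=docker.io/library/python:3-slim \
#       sandbox_run ~/src/tool pip install --target ./vendor -r requirements.txt
```

The project directory itself stays writable from inside the container, so install scripts can still alter the checkout; review changes there before running anything from it on the host.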