Comment by vulcan01
Docker does not and cannot offer full isolation. A sandboxed VM on someone else's computer is less likely to be problematic for running untrusted code than a container on your system.
Docker does not and cannot offer full isolation. A sandboxed VM on someone else's computer is less likely to be problematic for running untrusted code than a container on your system.
seems not to justify submitting to a proprietary single vendor solution where users are locked into opaque checkpoints they forgot how to migrate away from. this is not something made for users lets be clear. there are tens or hundreds of vm layers for defense in depth for docker so thats a non argument, no one says docker has to provide security its for tooling and common practices that allow vendor independence and moving to self hosted stacks as needed!