by eeZah7Ux 2581 days ago
> A slightly smarter .tar.gz would have solved the problem just as well.

It's called "OS package" ;) and can provide more strict sandboxing using a systemd unit file: unit files provide seccomp, cgroups and more.

3 comments
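An added illustration of the unit-file sandboxing the comment above refers to (seccomp, cgroups "and more"); it is not part of the thread, and the service name `exampled` and its binary path are hypothetical.

```ini
# exampled.service: constructed example; service name and binary path are hypothetical
[Unit]
Description=Example daemon shipped in an OS package

[Service]
ExecStart=/usr/bin/exampled
# Run as a transient unprivileged user; block setuid/file-capability escalation
DynamicUser=yes
NoNewPrivileges=yes
CapabilityBoundingSet=

# seccomp: allow the common service syscall set, then subtract risky groups
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native

# cgroups: resource ceilings for the unit's control group
MemoryMax=512M
CPUQuota=50%
TasksMax=64

# "and more": filesystem, device, kernel and namespace restrictions
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
LockPersonality=yes
MemoryDenyWriteExecute=yes
# Only writable path: /var/lib/exampled, created and owned by systemd
StateDirectory=exampled

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security exampled.service` reports which of these restrictions a unit has in effect.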

Docker solves 2 problems. First is you have no control over your devs and allow them to install any software from anywhere. And second is you want to sell CPU time from the cloud in an efficient way (for the seller).

Disagree with both statements.

1) is not a containerisation problem. It’s a team problem. I can jam a load of npm and pip installs into a shell install script. Maybe even delete /usr/ for the hell of it. Because the script isn’t isolated from the OS I can cause more damage.

This problem is actually solved by doing code reviews properly and team discussions.

2) errr no. Containers != infrastructure. If you want to deploy on bare metal, you can.

Agree with the first one but disagree with the second one. EC2 was selling CPU time a long time ago, before Docker existed.

Docker containers provide seccomp, cgroups and more.

Yes, systemd unit files are containers, just like Docker.

Indeed you're right, but the problem is that your devs' machines and your production systems are running different OSes/distributions.

Nix tries to solve this, but it isn't there just yet.

I know there is cost to this solution but it's a good one:

Use the same OS and similar hardware for development and production.

The cost includes making development impossible without internet access, given that devs are not going to be carrying a cluster of servers around with them.

^ This.

Also means developers can work in whatever environment they want, but the result will be reproducible (almost) anywhere.