by cortesoft 1999 days ago
Sure, but you are still relying on trust, and you are choosing to limit yourself to things released by your chosen distro. This is the same as if you were to pick a specific docker publisher that you trust, and only use their images.
1 comments

It's arguable that it's not quite the same. It all comes down to consequences.

If a distro messes up the trustworthiness of an application, they, the big and important company, lose clout.

If the application developer messes up, they also lose clout - people may stop using their software.

Chances are, if you're using a third party for a third-party piece of software that isn't officially dockerized by the company that developed it, nor a major distro, there's no real backlash if it doesn't work or if they get hacked, etc.: "it was a third party trick, so _of course_ it wasn't trustworthy" would be the statement everyone makes.

Debian messing up, or Cisco or Oracle, etc., is a much bigger deal.