[echoangle]

Just for arguments sake, how did you install docker engine? Did you add their apt source where they can push anything they like into their packages?

And also, you shouldn’t rely on docker for safety, it might or might not work but docker isn’t a reason to just run an untrusted program.

[timeflex]

I'm not even using Docker. I use Podman in rootless mode installed using the system package manager. Even if an app found a way to break out of the container, it wouldn't have elevated privileges.

I'm not saying security is about perfection, but encouraging people to curl something to the shell with sudo is poor practice. I get that it is a newer piece of software, so I am forgiving. But getting it packaged into Homebrew, WinGet, Nix, etc. is more ideal. Some of them may verify a signed package, ensure reproducible builds, track changes for proper uninstalls, etc.