[incision]

>"They don't even do what they're advertised to do, ie give you a reliable way to reproduce a build, and they're inflexible for my idea of real-world work with Docker."

Not exactly, as the thread you link points out you can reference an image ID in FROM rather than the name:tag which has potential to change silently.

It's the equivalent of using a package manager against a repo you don't own without pinning - expect problems.

This can be mitigated by FROM'ing via ID or avoided entirely by running your registry where tags are reliable.

Admittedly, these things are not necessarily obvious, but I think it's a bit disingenuous to paint Dockerfiles as worthless or broken.

That said, ShutIt looks very cool and seems to address exactly some of my concerns / desires about working with Docker.

I just don't agree with framing it in opposition to and at the expense of what exists.

There's value in a container description that is fully self-contained, transferable and 'dumb' enough to be transparent.

[zwischenzug]

Hi, yes you're right - you can reference an image ID. However, as soon as you go to the network you're lost - any apt-get/yum update or install could break your system in surprising ways.

Having done _lots_ of builds lately I can vouch for that (see my blog for some examples).

In the end the image ID _is_ useful, but the dockerfile itself has limitations.

I agree with your last point as well - my evangelism comes from solving problems at my company in this way (which I know are not uncommon problems) rather than any belief that it beats others objectively.