by kryptiskt 4073 days ago
> A container is a container; as long as docker itself has no bug, the container can only harm the container's content.

So, given that there are no bugs, and as long as the Linux kernel is free from local privilege escalation exploits. That seems like long odds to trust in.


The same trust I have in a VM or a RM.
Not true if the software in your VM or RM is managed by a package manager and comes from a place that issues security updates, patches etc.

One of the criticisms in the article is that much of what's going on now, either with containerisation or weird build systems like Hadoop's, misses out on this.
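The point raised above, that an image built outside a package manager's update stream silently drifts behind security fixes, can be turned into a concrete check. The following is an added example, not code from any commenter or from the article under discussion: it takes a `dpkg -l`-style package listing captured from a container image and compares each installed version against the minimum fixed version from a table of advisories. Both the package listing and the advisory table are constructed sample data with made-up version strings, and the version comparator is a deliberately simplified stand-in for dpkg's real ordering rules (digits compared numerically, letters lexically), which is an assumption of this example rather than the distribution's algorithm.

```python
import re

# Constructed sample: what a `dpkg -l` listing from an image might contain.
# Status "ii" means installed; version strings are made up for illustration.
INSTALLED = """\
ii  openssl   1.1.1f-1ubuntu2
ii  libc6     2.31-0ubuntu9
ii  curl      7.68.0-1ubuntu2
ii  zlib1g    1.2.11.dfsg-2ubuntu1
"""

# Constructed sample: the earliest version that carries the security fix,
# keyed by package name. Not a real advisory feed.
ADVISORIES = {
    "openssl": "1.1.1f-1ubuntu2.16",
    "curl": "7.68.0-1ubuntu2.14",
    "libc6": "2.31-0ubuntu9",
}


def parse_installed(listing):
    """Map package name -> installed version for every 'ii' row."""
    packages = {}
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "ii":
            packages[parts[1]] = parts[2]
    return packages


def version_key(version):
    """Simplified sort key (assumption: not dpkg's full comparison).

    Numeric runs compare as integers, alphabetic runs as strings, and a
    version that is a strict prefix of another sorts before it.
    """
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(t)) if t.isdigit() else (1, t) for t in tokens]


def is_older(installed, fixed):
    """True when the installed version predates the fixed version."""
    return version_key(installed) < version_key(fixed)


def stale_packages(listing, advisories):
    """Return, sorted, the packages whose installed version lacks the fix."""
    installed = parse_installed(listing)
    return sorted(
        name
        for name, version in installed.items()
        if name in advisories and is_older(version, advisories[name])
    )


if __name__ == "__main__":
    for name in stale_packages(INSTALLED, ADVISORIES):
        print(f"{name}: {parse_installed(INSTALLED)[name]} "
              f"< fixed {ADVISORIES[name]}")
```

In practice the listing would come from running the package tool inside the image and the advisory table from the distribution's security feed; the comparison logic is what a build pipeline would gate on before an image ships.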