As an evangelist we have a responsibility to at least attempt to get things right. A lot of people take what we say at face value and the wrong message can get force multiplied. The reason I was frustrated with your comments were because it didn’t seem like you wanted to put your comments in the proper perspective. Let’s do this now…
####At Linuxcon NA 2014 this was the state of Docker…
- Docker was a little over a year old…
- They were still at Version 1.1
- Docker engine has been downloaded around 400 to 500 million times since then
- No one knew at that point how pervasive this technology was going to be in it’s first 2 years.
Here’s a list of things that happened in between Linuxcon NA 2014 and 2015 (prior to your comment)…
Just following that Linixcon event we announced 1.2 which added (necessary but not sufficient) 1.2 with –cap-add –cap-drop.
Here’s a list of some of the things that have been done in that window.
https://blog.docker.com/2014/08/disclosure-of-authorization-bypass-on-the-docker-hub/
https://drive.google.com/file/d/0B4016P0_3PSqblY2RGlydVpZLWs/view
https://blog.docker.com/2014/12/advancing-docker-security-docker-1-4-0-and-1-3-3-releases/
https://blog.docker.com/2015/01/dockercon-eu-trust-and-image-provenance/
https://blog.docker.com/2015/03/secured-at-docker-diogo-monica-and-nathan-mccauley/
https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/
https://blog.docker.com/2015/05/docker-security-tools/
https://blog.docker.com/2015/07/docker-founding-member-cloud-native-computing-foundation/
https://blog.docker.com/2015/08/content-trust-docker-1-8/
If you would had said that Docker has some hurdles regarding security or there are security issues you would not have heard a peep out of me. However, to take a comment our CEO said in August 2014 and then not doing the research since then, IMO; is irresponsible. The sad part for me was really enjoyed your presentation.