Hacker News new | past | comments | ask | show | jobs | submit login

One huge benefit of containers is that you can treat a program as something atomic: Delete the container and it's gone, as if it were never installed.

Modern package management systems like APT spend a lot of effort installing and removing files, and they don't do it completely; any file created by a program after it is installed will not be tracked.

You could accomplish the same thing in other ways (as Apple's sandboxing tech does), of course.




"Modern package management systems like APT spend a lot of effort installing and removing files, and they don't do it completely"

Well, there /is/ another way to do it.

STATIC LINK ALL THE THINGS

Which would work if licenses and copyrights didn't exist.


That's one of the main touted benefits of containers (a.k.a build reproducibility). You can view containers as a an overly complicated way to make software with complicated deployment brain-dead easy to deploy.

We're at the point in the hype cycle where it starts getting fashionable to dismiss that as an overkill, but the reality for most of us out there is that most software is way more complicated than a single executable and containers make it easier to deploy complicated software.


I'm talking about mutations to the file system. Things like database files, logs, /var/run, etc.

Managing internal dependencies (like libraries) is another concern entirely. But containers are good for that, too.


> Which would work if licenses and copyrights didn't exist.

I don't think it would.

Dynamic linking allows a library to be patched once and have the patch apply to all the programs using it. If every program was statically linked, you would have to update each one individually.

Not to mention the waste of space.

I'm guessing much of that is moot these days, but IMHO it's still something to aim for.


Patch a library and perhaps you end up breaking some programs that rely on that library.

The benefit of that goes away with containers anyway, you don't share libraries, every instance gets its own install.


Could have sworn that _nix already had mechanisms for loading different lib versions side by side...


I think GP is being snarky/sarcastic.


Programs either shouldnt create such files or the if the user created them they shouldn't be removed.


Are you saying programs cannot create files? That's nonsensical. /var exists for this purpose.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: