Better dependency control. I strongly prefer software that only depends on the stuff I can get from the package manager. This lowers the chance of supply chain attacks. Doesn’t prevent them, but I expect repo maintiners to do a better job looking at packages, than a developer who just puts another pip/gem/npm install in a dockerfile.
Also if something is only available in a container, it sort of screams “this code is such a mess, we don’t even know a simple way to run it” to me.
Better dependency control. I strongly prefer software that only depends on the stuff I can get from the package manager. This lowers the chance of supply chain attacks. Doesn’t prevent them, but I expect repo maintiners to do a better job looking at packages, than a developer who just puts another
pip/gem/npm install
in a dockerfile.Also if something is only available in a container, it sort of screams “this code is such a mess, we don’t even know a simple way to run it” to me.