• equidamoid@lemmy.world
    1 year ago

    Better dependency control. I strongly prefer software that only depends on the stuff I can get from the package manager. This lowers the chance of supply chain attacks. Doesn’t prevent them, but I expect repo maintainers to do a better job looking at packages than a developer who just puts another pip/gem/npm install in a dockerfile.

    Also if something is only available in a container, it sort of screams “this code is such a mess, we don’t even know a simple way to run it” to me.