undefined | Better HN

story

0 pointstlrobinson12y ago0 comments

But would you review the source of Docker too?

0 comments

I think I get where you're going with this, in that, the burden to run this and review the source is too high, that it almost seems like a waste of time. If that is your point, then I agree with you.

I don't know much about docker, but doing a "curl | sh" peeks my interest, then downloading additional binaries into /usr/local/bin, I'd want to take a closer look. Obviously, this is a case by case review, till it sits well with me. If I was going to run this in production, I'd want to have a really good idea of what this was doing and what to expect, so I'd probably take a closer look at the source if it was not clear from the documentation.

JasonFruit12y ago

Completely non-judgmentally, it's piques my interest, so you can spell it right next time. (I have the opposite problem: I spell things right and say them wrong.)

mgkimsal12y ago

I met someone who pronounced "queue" as "kway", as in "I need to go clear my mail kway".

That is all.

zobzu12y ago

Do you reverse engineer your CPU's schematics?

This can go on pretty far - trust is always an eventually unsolvable issue.

There is a certain level of trust that is easy to achieve and easy to get. Trusting dotcloud is easier than trusting everyone on the internet is pink bunny. Happens to be that HTTPS and signing aren't exactly hard either ;-)

j / k navigate · click thread line to collapse