4 hours ago · Tech · 0 comments

After I learned how easy and convenient containers are, I started to think about the amount of software I install from volatile sources (think of unversioned pip installs). This year the industry had several major security incidents made possible by open-source (non-)supply-chain attacks. Malware targeting everything from cryptocurrency through Discord credentials to access tokens is very common. Being careful is not good enough; all dependency chains of all your projects have to be careful as well. See CVE-2024-YIKES by Andrew Nesbitt for an amazing illustration of the reality. My work setup for a containerized environment is very specialized, and is not transferable beyond my machine and the layout of my git repositories. On my personal machine I only do lightweight development, but I started to miss the good feeling of having total isolation between indirect libraries I have never seen a single line of source code from, and my vacation photos.

Devcontainer managers

Distrobox exists. It…
