A signature only tells you where something came from, not whether it’s safe. Saying APT is more secure than Docker just because it checks signatures is like saying a mysterious package from a stranger is safer because it includes a signed postcard and matches the delivery company’s database. You still have to trust both the sender and the delivery company. Sure, it’s important to reject signatures you don’t recognize—but the bigger question is: who do you trust?

APT trusts its keyring. Docker pulls over HTTPS with TLS, which already ensures you’re talking to the right registry. If you trust the registry and the image source, that’s often enough. If you don’t, tools like Cosign let you verify signatures. Pulling random images is just as risky as adding sketchy PPAs or running curl | bash—unless, again, you trust the source. I certainly trust Debian and Ubuntu more than Docker the company, but “no signature = insecure” misses the point.

Pointing out supply chain risks is good. But calling Docker “insecure” without nuance shuts down discussion and doesn’t help anyone think more critically about safer practices.

You know container image attestations are a thing, right?

So the end result of this is… companies race to burn fossil fuels into plastic to take water away from municipal or agricultural sources, remove as much safety filtering as they legally (or illegally) can “because it’s cheaper and more competitive” and buy up as much water rights and other water bottling companies as they can with the centralized capital because economies of scale mean better margins. And then once they have a monopoly, they jack up the price and screw over everyone who doesn’t have free water in their taps (which is everyone because the cities all got priced out and had to sell their water rights so now people have to buy bottled water).

Regulation in this scenario doesn’t work because the water companies are operating in some country across the world which has no money or army to enforce its laws. Or the local politicians are corrupt. There is no competition because people don’t have any real choice: they have to drink water which means they have to buy it from some company (as opposed to getting it for free as a human right). That is the big lie we’re all told about capitalism: that competition is a given in every market, government regulation is “in the way” and that the free market will somehow lead to the best outcome for all. At least for water (and also for web browsers), that is patently and obviously not true.

Edit: link formatting

Nooooo some of my favorite science education channels are PBS 😭

And there is no aspect, no facet, no moment of life that can’t be improved with pizza.