baby_souffle 9 hours ago
> Isn't this literally what podman-systemd does?

That was my point, basically. You have two options:

1) the usual `curl` or `wget` to fetch the binary and the lib(s) and all the work of validating and putting them in place and the like and _then_ you can use a systemd/.service file to set up controls for the bin

2) podman pull and then either ask podman to make a .service file for you or write your own

Because only one of the two approaches has solved the package/distribution issue, containers are _not_ "less relevant given that systemd can twiddle the same isolation bits".
zdw 4 hours ago | parent
What "validating" does docker/podman pull do that is in excess of a curl of a file?

One of the advantages of a real package manager is that it checks signatures on the content that is downloaded. The supply chain on a Linux distro's package repos is much harder to break into than typosquatting into a docker registry somewhere.