nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5 nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

...

As with everything, it's a balancing act, and you have to evaluate how well an image maintainer keeps up with security updates (and not just updates to their application), the threat level of that particular server, etc.

I just personally *never* hear people discussing that when they discuss using images. They talk about it like it's just another installation avenue like flatpak. :/

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> They talk about it like it's just another installation avenue like flatpak

That's actually a very good comparison. Docker is kind of like Flatpak for servers. Although maybe more like AppImage.

As long as you have the latest image, you have the latest version of everything packaged inside it. Like any package manager, this can be automated. Everything else is handled by the OS, not Docker or the Container. That's my understanding, having only tinkered with Docker a little.

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5


nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48 Personally I think Flatpak makes more sense; I don't think AppImage has the same sort of sandboxing, which is the entire point of containers.

Unfortunately this comparison breaks down when you consider that Docker expects a sort of one-container-per-app topology, using stacks to link everything up. So a single application can be made of half a dozen containers, one for the app, one for the database, one for the frontend... All communicating on a loopback bridge network together. Updating these can be fun sometimes.

Also, your understanding is good but misses some details: Docker (and the containerd runtime and system it uses) is doing basically all the work; the OS isn't doing anything besides cgroup separation. (And don't get me started on how Docker does storage and filesystems.)

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

The difference being that flatpak is pretty committed to keeping everything quite up-to-date.

With containers, YMMV.

I'm not intending to dog on containers, but I'm just surprised that I don't hear *anyone* talking about the potential risks.

Zero risk isn't possible, but it's good to be aware of them and plan/decide accordingly.