
Where are we at on Podman these days?

If I recall, Podman really caught fire with this community after Docker started trying to charge more people for software. But then Red Hat (i.e. Podman's sponsor) started trying to charge more people for software too, and also became a pariah with this community. It's hard to keep up.




I used it instead of Docker for a while because it came by default on RHEL (I'm using 8).

It has very impressive compatibility with Docker. For 99% of use cases you will not even know you are using Podman. The one case that forced me to uninstall it and use Docker was running `gitlab-runner`'s integration tests which do some funny things with Vagrant and VMWare, and Podman didn't like it. But overall I am very impressed with the compatibility.

There aren't really any advantages to using it for individual users. Being rootless is a huge upside on the server though. At my previous company I accidentally deleted all the containers running on a server because I naively assumed that Docker followed the normal permission model and would only let me delete my containers. Imagine my surprise when I learned that Docker basically runs as root and all users that have access to Docker have root access!

Of course I only made that mistake once, but still... Crazy design.


> There aren't really any advantages to using it for individual users.

Cheers, but this is not true.

Running a container without root privilege is a security advantage for users who run containers that (inevitably) contain vulnerabilities.


This is so true… also different users on the same machine can have their own podman daemon mimicking their own private docker daemon.

In some cases it can be useful to run different containers as different users.


Even more so if said containers contain Trojans.

Bit more secure than running directly, but if the container is broken out of, attacker directly gets root.


Adding to the parent's point. The docker hub is full of malware images and the docker devs could not care less. [1] [2] [3]

1. https://www.bleepingcomputer.com/news/security/docker-hub-re...

2. https://sysdig.com/blog/analysis-of-supply-chain-attacks-thr...

3. https://www.bleepingcomputer.com/news/security/thousands-of-...


It's often the case with software "repositories". Pypi, npm, Maven... Security is expensive.

An organisation needs money, on-staff security professionals, and (of course) lawyers to explicitly commit to maintaining a package system.

Even MAAMAN (was FAANG) app stores have been exploited.

FYI your second link is broken or dead.


You have sudo though presumably, so there's not much difference between giving it access to your account and directly giving it root.


Important to note: docker now supports running everything as rootless, with the same caveats as Podman.


>There aren't really any advantages to using it for individual users.

I'd consider not having to run a service I give root on my machine just to run some containers an advantage as an individual (dev) user.

And however crap RH/IBM itself is, not dealing with Docker corp is also quite good.


Podman is not the sole product of the people behind it, so they're less motivated to go down the Docker hole, imo.


If you need to use buildx it is a slog to get right. The split between root and rootless is also fraught with forking guides and very confusing to triage. For example, rootless needs more care with capabilities.
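The two caveats that keep recurring in this thread, docker-group membership being root-equivalent and rootless Podman needing sub-UID/GID ranges for the user, as an added audit script that is not from any commenter. The file contents are constructed samples in the shape of /etc/group, /etc/subuid and /etc/subgid, and the 65536 minimum is the usual default range size, an assumption rather than a value from the thread.

```python
"""Audit whether a user holds root-equivalent Docker access and whether
rootless Podman can map enough sub-UIDs/GIDs for them.

Added example, not from the thread. Inputs are constructed samples in the
shape of /etc/group, /etc/subuid and /etc/subgid; point the functions at
the real files to audit a host."""

MIN_RANGE = 65536  # assumed minimum: one full ID range for rootless containers


def docker_group_members(group_text: str) -> set[str]:
    """Return users listed in the 'docker' group. Membership is root-equivalent
    because the daemon runs as root and honours any request on its socket."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == "docker":
            return {u for u in fields[3].split(",") if u}
    return set()


def subid_ranges(subid_text: str, user: str) -> list[tuple[int, int]]:
    """Parse 'user:start:count' lines for one user into (start, count) pairs."""
    ranges = []
    for line in subid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges


def audit(user: str, group_text: str, subuid_text: str, subgid_text: str) -> dict:
    """Summarise both checks: root-equivalent docker access, and whether
    rootless user namespaces have enough IDs for this user."""
    uid_ranges = subid_ranges(subuid_text, user)
    gid_ranges = subid_ranges(subgid_text, user)
    return {
        "docker_root_equivalent": user in docker_group_members(group_text),
        "subuid_ok": sum(c for _, c in uid_ranges) >= MIN_RANGE,
        "subgid_ok": sum(c for _, c in gid_ranges) >= MIN_RANGE,
    }


# Constructed sample files: alice is in the docker group; only bob has sub-ID ranges.
GROUP = "root:x:0:\ndocker:x:999:alice\nwheel:x:10:alice,bob\n"
SUBUID = "bob:100000:65536\n"
SUBGID = "bob:100000:65536\n"

if __name__ == "__main__":
    for u in ("alice", "bob"):
        print(u, audit(u, GROUP, SUBUID, SUBGID))
```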


I managed to build and run a Docker compose setup that had been used exclusively with Docker for years without issue.

The problem came when trying to get other systems to talk to Podman in place of Docker. It just ... didn't work.


> But then Red Hat (i.e. Podman's sponsor) started trying to charge more people for software too

Podman is free as is Podman Desktop.

Red Hat didn’t raise its prices.

CentOS Stream and Fedora are still free.

Oh you mean they made it difficult for Rocky to build the SRPMs. Sorry sorry. Hard to keep up with the FUD.


Exactly. Red Hat is ending some things others never even considered offering. Yet, people stand in line with... Oracle, WTF. FUD sadly works.

Especially while RH is still making things accessible for people without money and for testers, e.g. https://developers.redhat.com/articles/faqs-no-cost-red-hat-..., which includes RHEL, Software Collections and Application Streams, Developer Toolset and Compilers, Red Hat Insights access (sic!).


podman and podman-compose became mainstream and replaced docker for me in "server" scenarios on rhel8/rhel9, fedora and derivatives. Glad to see progress on the desktop!
