The "Docker" page has been changed by BordenRhodes:
https://wiki.debian.org/Docker?action="">
Comment:
Moving Podman plug into security warning. Consider making its own section.
Docker has no equivalent to `sudo`'s password check, so an arbitrary-code-execution exploit against a user in the `docker` group effectively grants the attacker root access. Therefore, the safer choice is to __''never''__ add a user account — even your own — to the `docker` group, so that Docker commands can only be used via `sudo`.
+ If Docker running at root level is an unacceptable security risk, consider [[Podman]] instead, which provides similar functionality but runs without root privileges.
+
See also [[https://docs.docker.com/go/attack-surface/|"Docker daemon attack surface" in the upstream documentation]] for more details.
}}}