haui_lemmy, 7 months ago (edited 1 month ago)

Imo, yes.

• only run containers from trusted sources (btw. google, ms, apple have proven they cant be trusted either)
• run apps without dependency hell
• even if someone breaks in, they’re not in your system but in a container
• have everything web facing separate from the rest
• get per app resource statistics

Those are just what was in my head. Probably more to be said.