Sure, and the bottom line is that the OS/kernel prevents you from doing some things in rootless mode, although we are always attempting to push the boundaries of what is allowed, in a secure way.
Rootless mode works for the great majority of containers, and in most cases users have workarounds for containers that do not work, like binding to ports < 1024. But I agree that understanding these limitations sometimes requires users to learn new things.
But security often requires compromise; we don't run all processes as root for a reason in Linux. Running processes in privileged mode by default is way more secure.
I don't disagree with what you say. Generally, if you pick security over the conventional, you are bound to face limitations for the sake of security. But podman as a product, compared to docker, looks much less mature to me (things like podman-compose should be included in the box 4 years on). I also get the feeling that people who compare podman to docker only run WordPress as a test and then call it a success, without getting deep into what problems both podman and docker solve.