It can be easier to spend £100K than £100.

And this is regarded as an existential problem which cannot be permitted to persist by some in the security space.

No, it was entirely a business decision in both cases.

Deal breaker for us too, now in my second org where that's been true.

It's not just that you need a licence now, it's that even if we took it to procurement, until it actually got done we'd be at risk of them turning up with a list of IP addresses and saying "are you going to pay for all of these installs, then?". It's just a stupid position to get into. The Docker of today might not have a record of doing that, but I wouldn't rule out them getting bought by someone like Oracle who absolutely, definitely would.

I'll see your "IT team never heard of docker" and raise you "security want to ban local containers because they allow uncontrolled binaries onto corporate hardware.". But that's not something podman solves...