[Bug 1020456] Review Request: vagrant - an automation tool used to manage development environments

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1020456



--- Comment #14 from Michael Scherer <misc@xxxxxxxx> ---
I still see value as using Fedora rpm packages. 

For one, this is properly integrated with the whole ecosystem ( ie, integrated
in kickstart, ansible/puppet/chef, satelite ). While you can use gem install
for vagrant and everything, that's not exactly as smooth.

I would trust more a Fedora package signed by the key of the fedora project
than a random upstream whose I do not know the security practices when it come
to reproducability.

There is also the issue of bundling, since that mean we depend on upstream to
have updated gems ( while several CVE were found just by using grep -r /tmp on
a snapshot of currents gems a while ago, and I am sure people didn't update or
anything ).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review





[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]