https://bugzilla.redhat.com/show_bug.cgi?id=1020456

--- Comment #14 from Michael Scherer <misc@xxxxxxxx> ---

I still see value in using Fedora rpm packages. For one, this is properly integrated with the whole ecosystem (i.e., integrated in kickstart, ansible/puppet/chef, satellite). While you can use gem install for vagrant and everything, that's not exactly as smooth.

I would trust a Fedora package signed by the key of the Fedora project more than a random upstream whose security practices I do not know when it comes to reproducibility.

There is also the issue of bundling, since that means we depend on upstream to have updated gems (while several CVEs were found just by using grep -r /tmp on a snapshot of current gems a while ago, and I am sure people didn't update or anything).

_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review