Böck: Multiple vulnerabilities in RPM – and a rant

Indeed. I would go so far as to say that bundler should be considered the gold standard of per project dep. management. With virtualenv/pyenv, you are limited to fairly simple version constraints. There is no concept equivalent to `Gemfile.lock` for exactly reproducing an env with the only alternative to recursively listing ALL dependencies. For development, I much prefer the bundler model of picking up gems based on project dir rather than activating/deactivation virtualenvs, as I seem to always eventually end up accidentally nesting python envs (you can only reasonably cram so much information into the shell prompt).