If you "apt-get install libsqlite3-ruby", then you get Ubuntu's package
containing the ruby library which talks to the C library (libsqlite3-0).
The C library is automatically installed as a dependency. This is not a
gem; the code is installed under ruby's site library directory.
While not the gem per se, it is the same code used as if you would do a
sudo gem install sqlite3-ruby
The advantage of the gem approach is you can easily update it if a new
version of the sqlite3-ruby gem is released. Ubuntu won't update their
package unless there's a security issue, or until you move to the next
version of Ubuntu.
<rant>
The disadvantage of the gem approach is security:
For one, RubyGems pretty much requires root access to some directories,
for another, it makes no distinction between compile- and install-time,
so the compiler runs as root, allowing me to potentially exploit a
vulnerability in the compiler to get a backdoor installed.
Or just do a "rm -rf /", if I were unimaginative.
RubyGems will happily overwrite anything in /usr/bin/, so I can include
a /usr/bin/less file that grants me root access:
https://bugs.gentoo.org/show_bug.cgi?id=278566
And yes, the issue is known:
http://redmine.ruby-lang.org/issues/show/1800
And unless you check certificates (against what? Is there a default
keystore, like a "rubyist-keyring"?), you cannot verify the integrity of
a package.
So, trading convenience against security. Be aware of the risks that
carries with it.
Oddly this is less of an issue on Windows, since Ruby is self-contained
there, and happily so, and wrecking a Windows install is exceptionally
difficult by now.
</rant>
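
Added example, not part of the original post and not RubyGems' own code: a pre-install check for the /usr/bin overwrite issue described above. It lists the executables a gem declares and flags any that would land on a file already in the target bin directory that RubyGems did not generate itself. The gem name, executable list and temporary bin directory are constructed for the demonstration.

```ruby
require "rubygems"
require "tmpdir"

# Comment header RubyGems writes into the wrapper scripts it generates.
RUBYGEMS_MARKER = "This file was generated by RubyGems"

# For each executable the gem declares, report a name that could escape
# bindir, or an existing file in bindir that the install would replace.
# For a downloaded file, get the spec with Gem::Package.new(path).spec
# (require "rubygems/package") instead of building one by hand.
def bindir_collisions(spec, bindir)
  findings = spec.executables.map do |name|
    if name != File.basename(name) || name.start_with?(".")
      { name: name, problem: :suspicious_name }
    else
      target = File.join(bindir, name)
      if File.exist?(target) || File.symlink?(target)
        head = File.file?(target) ? File.read(target, 512).to_s : ""
        kind = head.include?(RUBYGEMS_MARKER) ? :rubygems_wrapper : :foreign_file
        { name: name, problem: kind, path: target }
      end
    end
  end
  findings.compact
end

# Constructed demonstration: a throwaway bin directory and a hand-built spec.
def demo
  Dir.mktmpdir do |bindir|
    File.write(File.join(bindir, "less"), "#!/bin/sh\n# stand-in for a distro binary\n")
    File.write(File.join(bindir, "rake"),
               "#!/usr/bin/ruby\n#\n# This file was generated by RubyGems.\n#\n")
    spec = Gem::Specification.new do |s|
      s.name = "example-gem"      # hypothetical gem
      s.version = "0.0.1"
      s.executables = ["less", "rake", "newtool", "../escape"]
    end
    bindir_collisions(spec, bindir)
  end
end

demo.each { |f| puts f.inspect } if __FILE__ == $PROGRAM_NAME
```

A :foreign_file finding is the case from the Gentoo bug: the gem's executable shares a name with something the distribution installed.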