[ploxiln]

Just today I learned that a version of requests from August broke compatibility with a version of pip from February, which is packaged in ubuntu 14.04. (I was installing dependencies with apt and pip as root in a docker image.) (http://stackoverflow.com/questions/27341064/how-do-i-fix-imp...)

Meanwhile, openssl and bash, while getting security updates very recently, are in their very latest versions still compatible with programs from probably over 8 years ago.

[ayrx]

"Meanwhile, openssl and bash, while getting security updates very recently, are in their very latest versions still compatible with programs from probably over 8 years ago."

You have obviously never worked with OpenSSL.

Also, the problems with `pip` is entirely due to Ubuntu not updating their dependencies properly. Upstream `pip` vendors their dependencies so that this precise situation does not occur.

[ploxiln]

That does make sense. Since pip is managed this way, Ubuntu should probably classify pip as "not system software, actually flaky web-app-dev software" and not package it.