[ayrx]

"Meanwhile, openssl and bash, while getting security updates very recently, are in their very latest versions still compatible with programs from probably over 8 years ago."

You have obviously never worked with OpenSSL.

Also, the problems with `pip` is entirely due to Ubuntu not updating their dependencies properly. Upstream `pip` vendors their dependencies so that this precise situation does not occur.

[ploxiln]

That does make sense. Since pip is managed this way, Ubuntu should probably classify pip as "not system software, actually flaky web-app-dev software" and not package it.