Nick Coghlan <ncoghlan <at> gmail.com> writes:
Well, people shouldn't be running getpip manually very often in the first place. The one thing I do not want to preclude is security improvements in maintenance releases. Those may require visible CLI changes (e.g. a flag to opt in to signature checking). End users should then get the enhanced security automatically most of the time (as the installers and pyvenv pass in the flag), while direct invocations will remain unaltered (as they won't pass the new flag).
I definitely agree with this :)
(although, to be honest, while I don't work for the Platform team, it wouldn't surprise me if Red Hat still left pip and getpip out of RHEL and only included it in Red Hat Software Collections, regardless of what our recommendations say).
Yes, I suppose Debian may make the same choice. Distributions like their "minimal" packages :)