This was the main thing I’m reacting to: installing from something like pip is usually running a ton of unvetted code downloaded from the internet. If you trust such package managers, you might as well curl to a shell.
Apologies, that's fair -- there are levels to my rant. That's a very important part.
I'll take package managers over shell scripts in concept for one main reason: they reduce reinvention.
The supply chain is always of concern, of course.
A shell script benefits from coreutils -- cp, mv, things like that. You're on your own for everything else; I don't trust that.
They themselves are untrusted code -- for all we know there's no VCS behind it at all. A package manager at least offers some guardrails!
With packages on OBS/COPR, you can at least know/verify the sources you're installing were built in a clean (offline) environment from the upstream sources. It's a small, but notable, improvement.
Also consider you need to rebuild your system and you'd like it to look the same after.
Will you find it easier to run 'pip freeze' / 'dnf history userinstalled'... or crawl your shell history for curl | bash and resolve any drift?