Major GNU/Linux distributions have specialized security teams responsible for keeping all packages in the distribution secure. If you cannot afford to spend enough resources to match up with these teams, then (if the highest security is the goal) the best solution is probably to rely on their work and use packages from the distributions. Distributions with staged releases (such as Debian) try to patch packages such that their dependencies do not break.
Of course, if you use the distribution's packages, you lose the flexibility of the Python virtual environment. So, this seems to be another tradeoff triangle: high security, low costs, installation flexibility. Pick two.
