> Also... when installing stuff with pip --user, it is always a package
> that is not installed for the system (usually not even available for
> the system). How can that "break system packages"?

pip installs dependencies. Dependencies may disagree on the version with the system packages. This is a difference between e.g. how conda works and pip. Conda is an actual package manager: it ensures that all packages in a particular environment agree on version requirements. pip will break your environment in subsequent installs because it doesn't keep track of what was installed before.

On top of this, pip may, in general, cause any amount of damage to your system regardless of where or how you install it because by default it's allowed to build wheels from source packages. The build may run whatever code, including formatting hard drives, mining bitcoin etc. The reason it doesn't happen very often is that package maintainers kind of trust each other to be nice. There aren't really any safeguards to prevent malicious actors from doing this, but you would have to want to install their package for some reason.
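
The version disagreement described in the reply above, as an added example that is not part of the original message: a simplified form of the consistency check that `pip check` performs, run over constructed package data. The package versions, the `SYSTEM` and `USER` dictionaries and the function names are assumptions for illustration, and version parsing handles dotted integers only, not full PEP 440.

```python
import operator
import re

# Constructed sample data (not from the original message): packages installed
# system-wide, each with its version and the requirements it declares.
SYSTEM = {
    "requests": ("2.25.1", ["urllib3>=1.21.1,<1.27", "idna>=2.5,<3"]),
    "urllib3": ("1.26.5", []),
    "idna": ("2.10", []),
}
# Constructed: dependencies a later `pip install --user` pulled in.
USER = {"urllib3": ("2.0.7", []), "idna": ("3.4", [])}

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
REQ_RE = re.compile(r"^([A-Za-z0-9._-]+)\s*(.*)$")
CLAUSE_RE = re.compile(r"^(==|!=|>=|<=|>|<)\s*([0-9.]+)$")


def parse_version(text):
    """Simplified parser: dotted integers only, not full PEP 440."""
    return tuple(int(part) for part in text.split("."))


def satisfies(version, spec):
    """True if version meets every comma-separated clause in spec."""
    have = parse_version(version)
    for clause in spec.split(","):
        match = CLAUSE_RE.match(clause.strip())
        if match is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, want = match.group(1), parse_version(match.group(2))
        width = max(len(have), len(want))
        padded = [v + (0,) * (width - len(v)) for v in (have, want)]
        if not OPS[op](*padded):
            return False
    return True


def find_conflicts(system, user):
    """Return (package, requirement, found_version) per unmet requirement."""
    # The user site directory precedes system site-packages on a default
    # sys.path, so a user-installed copy shadows the system one.
    installed = {**system, **user}
    conflicts = []
    for name, (_, requires) in sorted(installed.items()):
        for req in requires:
            dep, spec = REQ_RE.match(req).groups()
            found = installed.get(dep, (None, []))[0]
            if found is None or (spec and not satisfies(found, spec)):
                conflicts.append((name, req, found))
    return conflicts
```

With the constructed data, the system set alone is consistent, while the merged view reports that the system `requests` no longer has its `urllib3` and `idna` requirements met.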