The more I think about it, the more I feel that actually I’d be quite happy with that message. “If you want to exert control over exactly what you install, don’t reference an un-curated repository on the open internet”. That actually doesn’t sound that negative to me… The worst we can say is that pip’s defaults are intended for casual users, not for people with strict security policies.
3 Likes