Why is it so hard to install latest python on Linux?

I wanted to install Pythons 3.11 and 3.12 on a Linux box within docker, both debian, and ubuntu. I also wanted to do it relatively securely. For the purposes of “secure”, curl https://... | sh is definitely not secure, so I’ll be rejecting these solutions. I work at a company where security is taken fairly seriously.

Turns out the only option I have left is “compile from source.” But.. why?

For clarity this is just a rant, not a deep dive into the historical reasons for that decision, but here’s what I wanted to achieve: which python or which python3 should return a path, as well as which pip or which pip3. Then python3 --version should tell me it’s 3.11 or 3.12.

Out of the box on a FROM debian:bookworm python is not present. Suggestions were:

• just use venv, which is great, but in order to use venv, I already need to have python available on the system, so this is redundant
• use Conda. Its installer, whichever the edition, is of type curl | sh, so not fit for purpose
• there’s also pyenv, it’s also of type curl | sh, so no go
• poetry is nice, but it already needs python 3.8, which I don’t have. Not an option for installing the first and hopefully only python version
• apt install python gives me 3.9 as the latest version, not recent enough
• there’s deadsnakes, an alternative ppa for installing different python versions, but for some reason 3.12 is not in their list, and they have a disclaimer that availability and updates for the versions are on a best-effort basis, so use these at your own risk, which is also not good enough

How is a popular and widely used programming language that’s very often touted as the first one people new to programming should pick up this incredibly hard to install on a Linux system? What practices are we teaching these folks? How are experienced pythonistas deal with this? Why is the feedback I get from them “oh yeah, python version and package management is absolutely trash?” How did python survive this?

Just... why?