We should only use system python where we have to and then isolate stuff in venvs.

We should also consider adding proper on-system tracking of outdated dependencies.

The debian bundled pip is also a pain to update and old although when using system python we should consider using debian packages and puppet's require_package function. (This is only Flask).