This is a discussion about letsencypt-auto, not the underlying letsencrypt/certbot program. Here's what the docs said about letsencrypt-auto:
"Because not all operating systems have packages yet, we provide a temporary solution via the letsencrypt-auto wrapper script, which obtains some dependencies from your OS and puts others in a python virtual environment: <instructions to download and run letsencrypt-auto>"
If users don't read the label before downloading and running a script, they might be surprised by what it does. But we've learned that users don't read those instructions and get upset anyway, so cerbot-auto now asks for additional interactive permission before installing things.
"Because not all operating systems have packages yet, we provide a temporary solution via the letsencrypt-auto wrapper script, which obtains some dependencies from your OS and puts others in a python virtual environment: <instructions to download and run letsencrypt-auto>"
If users don't read the label before downloading and running a script, they might be surprised by what it does. But we've learned that users don't read those instructions and get upset anyway, so cerbot-auto now asks for additional interactive permission before installing things.