<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: compiled from source = bad security practice</title>
	<atom:link href="http://www.gfi.com/blog/compiled-source-bad-security-practice/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gfi.com/blog/compiled-source-bad-security-practice/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=compiled-source-bad-security-practice</link>
	<description>Brought to you by GFI Software</description>
	<lastBuildDate>Fri, 09 Aug 2013 12:13:46 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
	<item>
		<title>By: Miro</title>
		<link>http://www.gfi.com/blog/compiled-source-bad-security-practice/comment-page-1/#comment-1120</link>
		<dc:creator>Miro</dc:creator>
		<pubDate>Fri, 18 Dec 2009 09:20:34 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=1567#comment-1120</guid>
		<description><![CDATA[I am afraid I have to disagree with you.

Yes, package managers abstract the package management to the level that it&#039;s easy to use. And that&#039;s great! Every modern package manager keeps track of version numbers and dependencies for you, so really you do not have to. When you want to know what version you have, all you need to do is query the package manager, while if you compile from source this would be a lot trickier.

My point was, do not compile from source, because if you use your distro&#039;s packaging tool, you are safer in that you will install only tested software and patches which will match dependencies you have already installed, while if you manually install from the latest tarball you will have to manually track all the patches and dependencies and everything else down the tree.

To properly track security updates and cherry-pick patches for a stable package branch is not an easy task to do. It gets a lot worse when you have to backport a patch from a different version.

If you want the granular control of knowing exactly what versions of everything you have installed you can still do that with a package manager easily. You&#039;re not giving that away at all. To rest easy you can check a package and its dependency versions and ensure they were correctly updated.]]></description>
		<content:encoded><![CDATA[<p>I am afraid I have to disagree with you.</p>
<p>Yes, package managers abstract the package management to the level that it&#8217;s easy to use. And that&#8217;s great! Every modern package manager keeps track of version numbers and dependencies for you, so really you do not have to. When you want to know what version you have, all you need to do is query the package manager, while if you compile from source this would be a lot trickier.</p>
<p>My point was, do not compile from source, because if you use your distro&#8217;s packaging tool, you are safer in that you will install only tested software and patches which will match dependencies you have already installed, while if you manually install from the latest tarball you will have to manually track all the patches and dependencies and everything else down the tree.</p>
<p>To properly track security updates and cherry-pick patches for a stable package branch is not an easy task to do. It gets a lot worse when you have to backport a patch from a different version.</p>
<p>If you want the granular control of knowing exactly what versions of everything you have installed you can still do that with a package manager easily. You&#8217;re not giving that away at all. To rest easy you can check a package and its dependency versions and ensure they were correctly updated.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Richard Parvass</title>
		<link>http://www.gfi.com/blog/compiled-source-bad-security-practice/comment-page-1/#comment-1059</link>
		<dc:creator>Richard Parvass</dc:creator>
		<pubDate>Wed, 16 Dec 2009 13:19:10 +0000</pubDate>
		<guid isPermaLink="false">http://www.gfi.com/blog/?p=1567#comment-1059</guid>
		<description><![CDATA[No way is this bad security practice!

For example: Suppose we wish to update a copy of Apache. Using compile-from-source, every dependency has to be evaluated in order to upgrade that Apache. However, if you use a package manager, do you really know which packages are being updated? Do you know which exploits your system is now vulnerable to? No.

Package managers are great for taking the &quot;hard work&quot; out of updating a system, but they bring a level of dissociation from the fundamentals of system administration that could be allowing systems to be exploited. And certainly the administrator does not know exactly which versions of which packages are on their systems.]]></description>
		<content:encoded><![CDATA[<p>No way is this bad security practice!</p>
<p>For example: Suppose we wish to update a copy of Apache. Using compile-from-source, every dependency has to be evaluated in order to upgrade that Apache. However, if you use a package manager, do you really know which packages are being updated? Do you know which exploits your system is now vulnerable to? No.</p>
<p>Package managers are great for taking the &#8220;hard work&#8221; out of updating a system, but they bring a level of dissociation from the fundamentals of system administration that could be allowing systems to be exploited. And certainly the administrator does not know exactly which versions of which packages are on their systems.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
