This does not seem like a uniquely Python problem. As a library, the authors probably listed `libFoo >= X.Y` and left it at that. If libraries pin exact versions with hashes, that creates problems elsewhere as everything now needs to be updated in lockstep.