Thanks for the question, @André Dienes Friedrich. The simple answer is no, there is no set expiration time. We like to keep deprecated features around as long as a good number of users are depending upon them in production. Some reasons why a feature would be removed are: keeping the deprecated library conflicts with important features of the replacement; it becomes too burdensome to support the deprecated one; or the deprecated one becomes a risk in terms of security or data integrity. That hasn't happened yet with the libraries you mention.

Hi @Justin Millette. It isn't possible to support multiple in-process Python virtual environments simultaneously. This is because a Python virtual environment is defined at the operating system level, not the application level. A virtual environment consists of a specific Python executable and a set of associated libraries running within an OS-level process. Since IRIS itself is an OS-level process, it can only host a single Python interpreter when running Python code in-process. Supporting multiple virtual environments in this context would require multiple OS processes, which would negate the benefits of embedded execution. If you really need virtual environments, use normal client-side Python. 

Sounds like it's more accurate to say you want to exclude web applications that ship with IRIS, not only those that are of type "System." 

Using the security.applications table @David Hockenbroch mentioned, I'd exclude those from  namespaces InterSystems uses for product, e.g.:

SELECT name,namespace,resource,type FROM security.applications 
WHERE NameSpace not in ('%SYS','HSSYS','HSLIB','HSCUSTOM')

Let me comment separately on the venv question. Remember, you could choose to run your flask app in a separate container and use Docker compose to orchestrate the containers. That will give you all the normal venv options.

If, however, you choose to run your flask app embedded in IRIS (running using embedded Python), you are running in-process with IRIS, and that process can't load and unload Python virtual environments while maintaining the benefits of running in embedded mode, so therefore the implication for containerization is that yes you do have to create a new base image when you want to add a package, but that's the tradeoff.

Have you seen https://github.com/grongierisc/iris-flask-template? This agrees with a lot of what you found out, but might be a little simpler. The only thing I changed for my work is my pip3 install command in Dockerfile adds a --target as recommended by @Dmitry Maslennikov:

RUN pip3 install -r requirements.txt --target /usr/irissys/mgr/python