-r req.txt requirement reinstalled: case-sensitivity / .tgz

[ejucovy]

The setup:

• I have a local .tar.gz of package "A" at version 0.5

• Package "B" depends on package "A" (unpinned) but with incorrect case: install_requires=["a"] instead of install_requires=["A"]

• I'm installing "A" from my local .tar.gz, and "B" from PyPI

  pip install -r req.txt

req.txt looks like
./A-0.5.tar.gz
B

Expected result: B is installed from its latest PyPI release. A is installed at version 0.5 from my .tar.gz file.

Actual result: A is installed from its latest PyPI release as well. Pip unpacks A-0.5.tar.gz first; then downloads/unpacks B from PyPI; and then searches PyPI for "a", downloads/unpacks the latest release, and installs that instead of A-0.5.tar.gz

Example in the wild:
wget http://media.djangoproject.com/releases/1.0.4/Django-1.0.4.tar.gz
echo "./Django-1.0.4.tar.gz
> django-paging==0.2.3" > req.txt
pip install -r req.txt

The resulting environment will have Django installed from its latest PyPI release (currently 1.2.5) instead of 1.0.4 from the tarball.

Note that django-paging's setup.py incorrectly lists "django" instead of "Django" in its install_requires (https://github.com/dcramer/django-paging/blob/master/setup.py#L12) -- the bug doesn't occur if that is corrected.

The bug also doesn't occur if I modify req.txt to install django-paging from a local tarball, or to install Django 1.0.4 from PyPI.

[qwcode]

fixed in #724