As rickycook mentions in another comment, pip-tools is a great solution for maintaining the distinction between allowed version ranges and locked, fully qualified versions for the given environment.
I've been using pip-tools with tox for a couple of years now. I maintain a requirements.in and requirements.testing.in, and then I can run
$ tox -e pip-compile
to generate my fully qualified requirements. The pip-compile command is handled by a tox.ini section.
The remaining nasty part is automated extraction requirements for setup.py's install_requires and dependency_links. I wrote a function to handle VCS links and other complicated syntax that I'm copying around to all of my projects. Otherwise, pip-tools has been a great solution.
Exactly, this is a much better way of doing pinning, if only because it's much more human readable and easily parsable. I've been using it for a while as well, and find it very convenient.
It seems to me that that's where we should be heading towards.
I've been using pip-tools with tox for a couple of years now. I maintain a requirements.in and requirements.testing.in, and then I can run
to generate my fully qualified requirements. The pip-compile command is handled by a tox.ini section. The remaining nasty part is automated extraction requirements for setup.py's install_requires and dependency_links. I wrote a function to handle VCS links and other complicated syntax that I'm copying around to all of my projects. Otherwise, pip-tools has been a great solution.