TODOs
-----

* if homepage_url (in the pypi metadata for a given pacakge) is a html page,
scrape the page for repo links, this should reduce the number of tarball
imports the tool does.

* scheme x.y e.g. pip.find_deps should avoid using a '.' makes it more
difficult to import extensions as modules, consider the case where we want
to import pip.find_deps for use in a test suite.

* prefix cmd to logs, so when we run pip, prefix log msg with 'pip',
same for egg_info etc

* abstract popen/log,
there is a pattern of calling Popen with stderr=STDOUT and reading
from p.stdout till EOF, then waiting for the subprocess to terminate.
Since this is used in 3 places, it should be factored out really.

* error messages for constraints is currently a parsed form of the version
number e.g. ('==', ('00000000', '00000000',      '00000011', '*final'))
this will be confusing, we should emit nice version numbers.

* Can we avoid the compilation that happens during import of some packages,
i.e. nixtla

* need better errmsg if initial package not found on pypi

* Importing python packages that use pbr fails, see
https://bitbucket.org/pypa/setuptools/issue/73/typeerror-dist-must-be-a-distribution#comment-7267980
The most sensible option would seem to be to make use of the sane environment
that pbr provides: just read the dependency information from the text files
that pbr projects provide, see, http://docs.openstack.org/developer/pbr/