I recently stumbled into a worrying problem with pip. I found out that doing "pip install pusher requests" installs urllib3 v1.23 as a dependency even though requests specifically restricts the version to lower than 1.23. Then if instead I do "pip install requests pusher" it installs urllib3 v1.22 as expected. As I recall, pip has long had a problem with combining version specifiers and extras when the same target has been required from multiple sources. What I wanted to ask was, is this a simple bug, or a larger unresolved design problem? Should pip also take into consideration the requirements from existing installed packages so pip won't end up installing upgrades they're incompatible with?