I was interested in working on the following issue but thought it would be worth asking this list about first: https://github.com/pypa/pip/issues/4507 If pip-installing a dependency from a VCS url of the following form: git+https://myvcs.com/some_dependency@sometag#egg=SomeDependency and "sometag" is the hash of a commit, should pip interpret it as a commit hash, or should it first check for a branch or tag of that name? One argument in favor of interpreting it as a commit hash is greater determinism. If someone later adds a branch or tag with that name, the dependency will continue to resolve to the original commit. (However, someone could still remove the original commit before adding a branch or tag with that name.) Another argument is that, without this behavior, once a branch or tag with that name is added, there will no longer be a way to refer to the original commit. Either way, I think the log message can be improved. Every time I see that log message, I think to myself, "of course it's a commit, it's a 40-character hexadecimal string!" --Chris