tox run with latest securesystemslib changes doesn't seem to work

[MVrachev]

Description of issue or feature request: Inside tox.ini we have defined a test case where we test against latest changes in securesystemslib master: https://github.com/theupdateframework/python-tuf/blob/fc9b42fa5d4e887821189055b9f44fa0f04f0885/tox.ini#L31 I wanted to try it out, so I can test against the latest changes inside securesystemslib. What I did was the following:

1. remove anything cached by tox
2. call tox -e with-sslib-master

Then I manually opened the dependencies inside .tox/with-sslib-master/lib/python3.10/site-packages/securesystemslib and I noticed the latest changes from pr: https://github.com/secure-systems-lab/securesystemslib/pull/391 were not included.

I run in a different venv python3 -m pip install git+https://github.com/secure-systems-lab/securesystemslib.git@master#egg=securesystemslib[crypto,pynacl] and it worked

Expected behavior:

I expect that the latest changes inside securesystemslib master branch should be included.

[jku]

looks like pip has changed how it operates in this strange situation (or we made a mistake when last changing this).

Issue is that we first install securesystemslib from requirements-test... then we install it again using the git url but probably because the version in both is 0.22, nothing happens. using pip install --force might help but i'm no sure if it's the correct fix