peep is another tool that intends to address this problem. I couldn't get it to work on Tahoe; it downloaded the required sdists and then blew up with an exception from pip, which it depends on:
$ cp src/allmydata_tahoe.egg-info/requires.txt requirements.txt
$ peep install -r requirements.txt
[...]
File "/usr/local/lib/python2.7/dist-packages/peep-0.2.1-py2.7.egg/EGG-INFO/scripts/peep", line 143, in hashes_of_requirements
for req in reqs: # InstallRequirements
File "/usr/lib/python2.7/dist-packages/pip/req.py", line 1240, in parse_requirements
skip_regex = options.skip_requirements_regex
AttributeError: 'NoneType' object has no attribute 'skip_requirements_regex'
If I understand correctly, pip by itself does not help you at all in verifying the integrity of dependencies; *at most* it will download the package you're directly installing over https.
