
Nightly PyTorch builds compromised


Posted Jan 3, 2023 16:14 UTC (Tue) by SnoopJ (guest, #162807)
In reply to: Nightly PyTorch builds compromised by NightMonkey
Parent article: Nightly PyTorch builds compromised

There isn't much in the way of control of precedence in pip, unfortunately. It's a requested feature [1] but there has been relatively little work to make it work. PyPA does define a standard (.pypirc) for configuring indexes that gives very good control over precedence, but pip has zero support for it (honestly I don't know what *does* support it).

The gold standard (imo) for avoiding this kind of mistake is to set up your own index that is capable of falling back onto PyPI, and use `--index-url` instead. One of the pip maintainers publishes the tool `simpleindex` [2] for doing this, letting you specify explicitly which packages you want from your own index, and falling back to PyPI for the rest. There's also `devpi` [3] but it's substantially more complicated to operate.

Honestly, it feels like a huge mistake for pip to keep the `--extra-index-url` feature. It's hard to use safely and I think a big reason that pip hasn't grown a better way to do it is because it's "good enough" if you're willing to overlook the massive attack vector it brings along for the ride with any internal packages.

[1] e.g. https://github.com/pypa/pip/issues/6045 and https://github.com/pypa/pip/issues/4263
[2] https://github.com/uranusjr/simpleindex
[3] https://github.com/devpi/devpi
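A minimal routing index of the kind the comment describes, written as an added example (it is not simpleindex's or devpi's own code): the internal project names are answered only from a local directory, and every other name is redirected to PyPI, so no single index ever offers pip candidates from both sources. The project name `acme-utils`, the `./packages/<project>/` layout and the `/files/` download path are assumptions.

```python
import html
import os
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote

# Assumed values: the one internal project name and where its files live
# (one sub-directory per normalised project name, e.g. ./packages/acme-utils/).
INTERNAL_PROJECTS = {"acme-utils"}
LOCAL_DIR = os.environ.get("LOCAL_DIR", "./packages")
PUBLIC_INDEX = "https://pypi.org/simple/"


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def route(project: str, listdir=os.listdir):
    """Answer GET /simple/<project>/ as (status, headers, body): internal names
    come from disk only, anything else is a redirect to PyPI (never merged)."""
    name = normalize(project)
    if name not in INTERNAL_PROJECTS:
        return 302, {"Location": f"{PUBLIC_INDEX}{name}/"}, b""
    try:
        files = sorted(listdir(os.path.join(LOCAL_DIR, name)))
    except FileNotFoundError:
        return 404, {}, b"no such internal project\n"
    # Serving the /files/ links themselves is left to a static-file server.
    links = "".join(f'<a href="/files/{name}/{quote(f)}">{html.escape(f)}</a><br>\n'
                    for f in files)
    body = f"<!DOCTYPE html><html><body>\n{links}</body></html>\n".encode()
    return 200, {"Content-Type": "text/html"}, body


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        parts = self.path.strip("/").split("/")
        if len(parts) != 2 or parts[0] != "simple":
            self.send_error(404)
            return
        status, headers, body = route(parts[1])
        self.send_response(status)
        for key, value in headers.items():
            self.send_header(key, value)
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # pip install --index-url http://127.0.0.1:8000/simple/ acme-utils
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Used with `--index-url` (not `--extra-index-url`), a same-named upload to PyPI cannot shadow `acme-utils`, because pip never sees PyPI's candidate list for that name.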




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds