I have a requirements.txt file with the line below
pip install --download vendor -r requirements.txt
Collecting Pillow==2.7.0 (from -r requirements.txt (line 4))
Could not find a version that satisfies the requirement Pillow==2.7.0 (from -r requirements.txt (line 4)) (from versions: )
No matching distribution found for Pillow==2.7.0 (from -r requirements.txt (line 4))
--download option just downloads the file for the dependency, but not actually install it (that might have contributed to why the flag was deprecated, to get rid of this confusion).
pip download replaces the --download option to pip install, which is now deprecated and will be removed in pip 10.
It's the same as the newer:
pip download ....
Now assuming your cloud provider is reading the requirements.txt and looking themselves in your vendor folder to install (a-not-so-wise-approach), you'd potentially have all kinds of issues with any binaries, symbolic links, etc... unless the environment you're deploying to matches the local environment. Part of the idea with package systems like pip and a requirements file is so different platforms can pull down the needed libraries for their specific architecture, OS, etc...
This approach has so many things could go wrong...
For example, your mac probably is using a case insensitive file system. If the cloudfoundry is using linux, that's case-sensitive. On mac, this wouldn't matter if they saved it all lower case, but might be an issue when copying the files to a linux system expecting to match a capitlized "P".