On Tue, 16 Sep 2008, Stroller wrote:
> 
> The risk is that you want to install X that depends upon Y.
> 
> The ebuild for X states that version >1.2.3 of Y must be used because
> there's a bug in 1.2.2.
> 
> The new version of Y fails to compile, so when X is compiled it only
> has the old version of Y to work with. It may compile OK but not work
> or feature a security bug.

That's not the real risk: Since any sane user will of course check which
packages have failed and make sure that the upgraded version will be
installed, this will not leave you with an inconsistent system
(the next emerge -NaDu world - which of course also any sane user would
do afterwards - would even tell you the problem, and in case of an ABI
change you would be informed by revdep-rebuild).
The only case I can think of where problems might _really_ arise is the
(very rare) situation which I had described: That the ./configure script
of X builds X without errors but also without support for Y if only 1.2.2
of Y is installed:
Then neither later upgrading of Y nor revdep-rebuild will show anything
suspicious, although X does not behave in the intended way.
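
One way to look for the silent case described above, as an added example that is not part of the original message: list installed packages that depend on Y but were built before the currently installed Y. It assumes Portage's installed-package database layout (`/var/db/pkg/<category>/<name>-<version>/` with `BUILD_TIME`, `DEPEND` and `RDEPEND` files); the package names and timestamps are constructed.

```shell
#!/bin/sh
# stale_consumers VDB CATEGORY/NAME
# Prints installed packages that name CATEGORY/NAME in DEPEND or RDEPEND and
# whose BUILD_TIME is older than that of the installed dependency. These are
# only candidates for a rebuild: an older build time does not prove that
# support for the dependency was left out.
stale_consumers() {
    vdb=$1 dep=$2 dep_time=0
    # Newest BUILD_TIME among the installed versions of the dependency.
    for d in "$vdb/$dep"-[0-9]*; do
        [ -r "$d/BUILD_TIME" ] || continue
        t=$(cat "$d/BUILD_TIME")
        if [ "$t" -gt "$dep_time" ]; then dep_time=$t; fi
    done
    [ "$dep_time" -gt 0 ] || return 1      # dependency is not installed
    for d in "$vdb"/*/*; do
        [ -r "$d/BUILD_TIME" ] || continue
        case $d in "$vdb/$dep"-[0-9]*) continue ;; esac
        # Match the atom itself, not a longer name such as liby-extra.
        cat "$d/DEPEND" "$d/RDEPEND" 2>/dev/null |
            grep -Eq -- "$dep(-[0-9]|[^A-Za-z0-9+_-]|\$)" || continue
        if [ "$(cat "$d/BUILD_TIME")" -lt "$dep_time" ]; then
            echo "${d#"$vdb"/}"
        fi
    done
    return 0
}

# Constructed sample database: appx was built while only the old liby was
# installed, liby was upgraded afterwards, appz was built after the upgrade.
make_sample_vdb() {
    root=$(mktemp -d) || return 1
    add() {
        mkdir -p "$root/$1" && echo "$2" > "$root/$1/BUILD_TIME" &&
            echo "$3" > "$root/$1/RDEPEND"
    }
    add dev-libs/liby-1.2.4 1221500000 ""
    add app-misc/appx-2.0   1221400000 ">dev-libs/liby-1.2.3"
    add app-misc/appz-1.0   1221600000 ">=dev-libs/liby-1.2.0"
    add app-misc/other-1.0  1221300000 "dev-libs/liby-extra"
    echo "$root"
}

demo=$(make_sample_vdb)
stale_consumers "$demo" dev-libs/liby
rm -rf "$demo"
```

On a real system the first argument would be `/var/db/pkg`; anything listed can be re-emerged and its behaviour compared.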
