Version requirements for dependancies

[Chris Ross <cross+netbsd%distal.com@localhost>]

  How does the decision get made about what version of a dependancy is
required?  I guess this is more of a policy question.
  In my example case, periodically something small gets updated on a
production machine of mine that causes pkgsrc to want to rebuild and
install mail/spamprobe.  Now, this would be fine, except that
mail/spamprobe is configured (when it's set to use BerkeleyDB) to read
in the mk/bdb.buildlink3.mk, which then reads in
databases/db4/buildlink4.mk.

  However, spamprobe doesn't always need the newest bdb.  *Any* db4
might well work for it.  I haven't investigated, but I'm sure at least
4.5 or better would work.  But, since it seems to always require the
best pkgsrc has to offer, it then uninstalled the db 4.6.xx I had on the
machine, and by uninstalling that uninstalls many other things that will
now need to be relinked to the 4.7.25.1 version of db4.

  I'm not sure where the fault lies, here, but I think something
somewhere should tell mail/spamprobe that it doesn't always *require*
the most recent version available.  Is there anything that I can do to
request this, or investigate it more?

                             - Chris