Possibly the dependancies are made so tight because that's all that the
pkg creator is able to test?  It _is_ a serious problem, I agree.

The problem, I think, is that creators of pkgsrc dependancies have to
choose between being lax (risking the construction of packages that don't
work, or that have subtle problems) vs. being too strict (requiring extra
updates of packages).  I suspect that not many pkg creators are in a
position to really test out which versions are required, and simply record
the versions that _they_ have and that _they_ believe to work.

If you believe that a restriction is too tight, perhaps you cand send-pr a
patch to the package?

I tend to view pkgsrc as part of the OS (it does ship on the standard
install sets (^&).  Although I don't expect to have to upgrade my entire
OS when I upgrade pkgsrc, I do accept that I may have to periodically
upgrade most of my packages.  (I'd rather that than have silent failures
possibly allowed into my system.  Even more so, I'd rather that the
version dependancies be rigorously explored, but it's unreasonable for me
to expect that to happen.  The current, imperfect situation is probably
about second-best, in my view.)


I do sympathize, though.  Over the past week, I've rebuilt a lot of stuff
out of pkgsrc.  (It was made much worse since I have a slow connection and
haven't built/updated many packages since that hiccup a ways back that
caused sup'ed pkgsrc to delete all distfiles.)  Because of this problem
(and an increasing number of packages that considered this-or-that to be
outdated), I deleted every package except for the ssh/rsa stuff, and began
rebuilding.

I have about 400MB of compressed source archives sitting in
pkgsrc/distfiles/, now.  (^&  I'm amazed enough that so much stuff can be
compiled with nary a hiccup.

For a single user system, the downtime isn't too bad: I was able to give a
higher priority to the packages that I really wanted, and so got up on my
feet again relatively quickly.  The other pieces have come in slowly.

If you are administrating a system for others, you could alleviate the
downtime (at least) by having a seperate system periodically sup pkgsrc,
build the packages, and then export them to the production system.

I know that that doesn't address your concerns about stability.  I believe
that Netscape Navigator was more reliable in version 4.51---or perhaps it
was because I was running the BSDi version.  But as part of the upgrade to
my packages, I'm now running 4.73, which has crashed a number of times on
me, already.  I am not sure that 4.51 _ever_ crashed on me, over about 1
year of use.  (sigh)


(ramble)


  "I probably don't know what I'm talking about."  --rkr@rkr.kcnet.com