Hi all,
currently pkgsrc source builds and pkg_add usage can differ in the
version of packages to use.

When doing source builds on a clean system the location part of a
dependency determines, which package gets installed. So when a package
requests php>=4.4.1nb3, the system recurses into www/php4 and installs
whatever is available there. pkg_add on the other hand determines the
*latest* version of package php to fullfil this requirement, so when
both php4 and php5 are available php5 would get selected.

As this situation is much more critical with the new bulk build system
I'm working on (where both packages would be available), I want to talk
about how we want to deal with this.

IMO it is an error when the latest version of a package doesn't come
from package directory specified in the dependency line, so all PHP 4.4
dependencies should be changed to explicitly specify < 5 like we do in
pkgsrc-security for vulnerabilities. This can break custom updates
though, but I think those should be named with a different prefix.

Joerg