"invisible" dependencies in portage?

[selig]

This problem might be specific to hardened-souces, but I am not sure - maybe there exists a similar problem with other packages.

My problem is that hardened kernel (hardened-sources) with enabled grSecurity and RBAC depends on gradm. hardened-souces-2.6.22 got unmasked in the portage, so I updated world and they got installed. I then compiled a new kernel and rebooted the system. It ended up with gradm exiting unsuccessfully saying that it is incompatible with the grSecurity present in the current kernel. There is a compatible version of gradm in the portage tree, unfortunately it is masked ~x86 at the present. I had to reboot back into the older kernel since I cannot install masked packages on this machine. This becomes a problem when you schedule a planned outage for kernel upgrade and end up upgrading nothing...

Should hardened-sources depend on the needed gradm version? However, gradm is not strictly needed for the kernel to function, so maybe a warning after installing the kernel sources saying something like "for grSecurity RBAC you need gradm of version X.X.X or higher" would be enough. Or maybe adding a USE flag which would trigger this dependency check?

There might be other instances of this problem elsewhere in portage, where one functionality of program X depends on a certain version of program Y.

I think that in such cases, at least a warning or a local USE flag should be used as to warn the user of a "possible" dependency.

[Genone]

Should just be a warning. The kernel doesn't depend on that tool at all anyway, it's the tool that depends on a specific kernel version.