Currently the curl ebuild will completely ignore the nss USE flag if the gnutls USE flag is given as well. This is very confusing. As the ebuild already uses EAPI=4 and contains a REQUIRED_USE variable, I would suggest adding a line to it which requires "gnutls? ( !nss )", i.e. when gnutls is selected, don't allow selecting nss as well. There are ebuilds out there (mail-client/thunderbird-bin-5.0 at least) that explicitly depend on net-misc/curl[nss]. In the case of USE="gnutls nss" portage will currently consider the dependency fulfilled, even if curl doesn't use nss at all. You might also want to revisit bug #207653 comment #3 and consider adding an openssl USE flag to make the three implementations symmetric to one another. In that case, only one of these three USE flags should be allowed, all three should require the ssl USE flag, and the ssl USE flag should require at least one ssl library being selected.
And, of course you'd also need an accompanying nss? ( !gnutls )
(In reply to comment #1)
> And, of course you'd also need an accompanying
>
> nss? ( !gnutls )

Not necessarily. Either of these lines states that nss and gnutls cannot be selected simultaneously. If you add both versions, then I guess the error messages would tell you that you have to disable gnutls for nss support, and that you have to disable nss for gnutls support. Which is more symmetric, but might also confuse some people into feeling that they have to disable both.
fixed, thanks
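
The constraints discussed in this thread can be checked by enumerating USE combinations. The following is an added example, not code from the bug report or from Portage: a minimal evaluator for the EAPI 4 REQUIRED_USE operators involved. The `SYMMETRIC` string is one assumed way to write the three-backend proposal from the first comment, and all function names are hypothetical.

```python
from itertools import product

def parse(tokens):
    """Parse REQUIRED_USE tokens into nested (kind, arg) nodes."""
    nodes = []
    while tokens and tokens[0] != ")":
        tok = tokens.pop(0)
        if tok in ("||", "^^") or tok.endswith("?"):
            assert tokens.pop(0) == "(", "expected '(' after " + tok
            children = parse(tokens)
            assert tokens.pop(0) == ")", "unbalanced parentheses"
            nodes.append((tok, children))
        else:
            nodes.append(("flag", tok))
    return nodes

def flag_on(name, use):
    """True if 'name' (optionally negated with '!') holds for the USE set."""
    return (name[1:] not in use) if name.startswith("!") else (name in use)

def check(node, use):
    kind, arg = node
    if kind == "flag":
        return flag_on(arg, use)
    results = [check(child, use) for child in arg]
    if kind == "||":                      # at least one
        return any(results)
    if kind == "^^":                      # exactly one
        return sum(results) == 1
    # "flag? ( ... )": the group is only enforced when the condition holds
    return all(results) if flag_on(kind[:-1], use) else True

def required_use_ok(expr, use):
    return all(check(n, set(use)) for n in parse(expr.split()))

def allowed(expr, flags):
    """Every combination of 'flags' that satisfies the constraint."""
    combos = ({f for f, on in zip(flags, bits) if on}
              for bits in product((False, True), repeat=len(flags)))
    return [sorted(c) for c in combos if required_use_ok(expr, c)]

ONE_LINE = "gnutls? ( !nss )"                     # from the first comment
BOTH_LINES = "gnutls? ( !nss ) nss? ( !gnutls )"  # with the line from comment #1
# Assumed spelling of the symmetric proposal (openssl flag is only proposed)
SYMMETRIC = ("ssl? ( ^^ ( gnutls nss openssl ) ) "
             "gnutls? ( ssl ) nss? ( ssl ) openssl? ( ssl )")

if __name__ == "__main__":
    print(allowed(ONE_LINE, ["gnutls", "nss"]))
    print(allowed(SYMMETRIC, ["ssl", "gnutls", "nss", "openssl"]))
```

Both `ONE_LINE` and `BOTH_LINES` accept the same combinations, so the second line changes only the error message, and either form stops a `net-misc/curl[nss]` dependency from being satisfied by a gnutls-backed build.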