I'm a longtime (>10 yrs) Linux admin and I've been using Gentoo for perhaps 2 years and I'm super impressed with Gentoo, having gotten very annoyed with the rpm-based nightmare upgrade situation presented by most of the other distros, but one thing I'd really like to see in Gentoo is a way of safely keeping my Gentoo boxes up to date in an automated way.  I know that may sound paradoxical and mutually contradictory.  I realize that production systems should not be upgraded before trying out the upgrade on a testbed system, but I've found that routine cron jobs of emerge world are unsafe because some packages need a human's attention for upgrading (like apache or postfix when config files should be left untouched or updated or merged with new config files or some other issue that needs a human's attention) whereas doing nothing for a long time (while the portage tree evolves) makes for a box that has been veritably left behind, sometimes making it difficult or impossible to upgrade.

I'd like to have the capability of being able to list some packages that should never be upgraded automatically (I realize I can do this to some degree already with portage), some others that are very unlikely to break from an automated upgrade and thus should always be upgraded automatically, and some packages (which may fit in either or both of these categories) that must be upgraded in a certain order in order to avoid breaking something and thus, should probably be upgraded automatically or (if flagged for preventing automatic upgrades by the admin) should be brought to the attention of the admin (say with an email to root or something) as needing attention to avoid breakage.

I am asking for this feature after having spent an entire weekend upgrading various packages by hand, one or a few at a time, after carefully considering whether or not it would be safe to upgrade this or that package, and after having (lazily) not upgraded anything on this production box in a long time.  The experience has left me rather exhausted (with a sore ass from sitting down for so long) and wishing for something better.  One noteworthy experience in particular is that I found that many packages suffered sandbox violations on attempted upgrades, and I troubleshot this problem for a long time before it occurred to me that I might want to upgrade the sandbox package and then try upgrading these packages.  That solved the sandbox violation problem.  It seems to me that this was a case where an automated system could have insisted on upgrading the sandbox package first, before the others.  Perhaps there should have been a dependency, so that when I tried to upgrade the ncurses library, it automatically pulled in the newer sandbox package as a prerequisite (for that is what it turned out to be).

After writing this much, it occurs to me that perhaps the capabilities that I describe here may already be in Gentoo/portage in some way that I've yet to fully discover and/or utilize, but despite having installed many Gentoo systems and read the Handbook (and many other Gentoo docs) many times, I've yet to see a good write-up on how to do what I describe here.  And perhaps the fact that the sandbox package was not a dependency for the ncurses package (and several others that also broke during emerge with sandbox violations) was the real "bug" so to speak, rather than the idea that Gentoo is missing this major feature that I'm asking for.  I'm really not sure which might be true, but I just thought I'd ask.

Thanks again to all the developers who have made Gentoo.  It's a really terrific distro.