python_dep_ssl="python3? ( =dev-lang/python-3*[ssl] ) !pypy2_0? ( !python2? ( !python3? ( || ( >=dev-lang/python-2.7[ssl] dev-lang/python:2.6[threads,ssl] ) ) ) ) pypy2_0? ( !python2? ( !python3? ( virtual/pypy:2.0[bzip2] ) ) ) python2? ( !python3? ( || ( dev-lang/python:2.7[ssl] dev-lang/python:2.6[ssl,threads] ) ) )" produces deps pulling latest version of python. Here on ~arch with default PYTON_TARGETS and portage[python3], python:3.4 gets pulled in although pyhton:3.3 has ssl support enabled. Could we get this correctly slotted?
Just use PYTHON_TARGETS, no need for the python3 or python2 use flags to be enabled. It has been working on my system all along without setting either of those. That python2,3 use flags are a leftover from before the -r1 python eclasses and when portage was still under conversion to work with py3. Currently the portage ebuild doesn't use the -r1 eclasses but manually replicates the behavior it needs. mgorny has opened bug 506158 for portage to migrate to the eclasses.
Thanks for the explanation.
python2 and python3 USE flags are not any leftover. They control shebangs in installed scripts (e.g. /usr/bin/emerge) and they will be needed after potential conversion to mgorny's eclasses. python_targets_* USE flags control installation of symlinks for usage by reverse dependencies of Portage.
Fixed a long time ago, although a little bit related to bug 702806.