Bug 164351 - [RFE] Security upgrades should be highlighted differently than a normal package update
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All All
Importance: High enhancement
Assignee: Gentoo Linux bug wranglers
URL: http://www.playingwithwire.com/2007/0...
Reported: 2007-01-29 05:22 UTC by Michael Lee Yohe
Modified: 2007-01-29 06:31 UTC

Description Michael Lee Yohe 2007-01-29 05:22:16 UTC
I recently read the article (mentioned in the URL) that speaks of why Gentoo and production servers should not go hand in hand. Mainly, the article criticizes the constant evolution and marking new packages as stable in Portage. Further, I have witnessed firsthand that there are packages that are released that can require a fair amount of rebuilding to get your system back running properly (dbus upgrade, all gcc upgrades, MySQL 4.1->5.0, etc.).

For server admins that want to focus on security updates, it would be nice if ebuilds included some kind of marker (other than the changelog) that denoted when a security patch is to be applied. This specific option could be passed to emerge so that only ebuilds that have an update with a security patch could be shown. Further, in a general -uD, it could mark a package as U(sec*) or something like that to let the system maintainer know that this upgrade is highly recommended.

I think this would be a good first step in constructing a predictable, secure Gentoo server for those who are not fond of staying with the bleeding edge for bleeding edge's sake.

Reproducible: Always

Steps to Reproduce:
(see description)
Actual Results:  
(see description)

Expected Results:  
(see description)
Comment 1 nm (RETIRED) gentoo-dev 2007-01-29 06:31:38 UTC
As an administrator, you should be using the glsa-check utility regularly; it is part of gentoolkit. Also, it is up to the administrator to thoroughly search the output of emerge -pvtuD (for example). These will serve to help better inform you as to upgrade choices.

Please take this elsewhere, such as to the forums or the gentoo-user or gentoo-dev mailing list; bugzilla is not a place to idly discuss ideas.