I have been emailing the published addresses for GLEP 19 for 2 months now
with no success. I am very interested in any ideas or projects that might
help Gentoo be more server friendly, in an "enterprise" environment, for
lack of a better term.
I have an idea towards "stabilizing" portage for production environments,
but I am not knowledgeable enough about portage to know if it would even be
plausible. If this is the wrong place to ask this, please feel free to
point me in a better direction.
Basically, add a new value for "FEATURES". For lack of a better name, call
it "sticky".
FEATURES="sticky"
If this flag is present in make.conf:
1) emerge --sync does only updates, not deletes (don't ditch old ebuilds).
2) Implement a new revision numbering scheme for ebuilds, -sX, similar to
-rX but for GLSA updates only. It could be an abbreviation for sticky,
security, or stable, whatever you want.
For example, if I am currently running mysql-4.0.25, the only candidates an
emerge -u would consider would be mysql-4.0.25-s1, mysql-4.0.25-s2, etc.
In other words, emerge considers only -sX in its upgrade calculations,
instead of -rX, and only considers the same version.
3) Package maintainers could create duplicate ebuilds for security-only
related revisions to packages, some other team could maintain them, this
could somehow be automated, or this could be left up to the users to maintain
through their own overlays. My idea is fuzzy here...
4) In cases where a vulnerability exists that can only be addressed by
bumping up to the next version, leave it up to the user to upgrade to it
manually (FEATURES="-sticky" emerge -u mysql).
Plausible?
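To make the proposed candidate selection concrete, here is an added illustration (not code from the post, and not Portage's own resolver) of how steps 1, 2 and 4 could be modelled: a "sticky" upgrade only ever moves to a higher -sX ebuild of the same base version, while the FEATURES="-sticky" path behaves like an ordinary version-maximising upgrade. The version grammar is a deliberate simplification (numeric dotted base plus an optional -rN or -sN suffix; real Portage versions also allow letters and _p/_rc suffixes), the sample tree is constructed, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Simplified version grammar for this illustration only: a dotted numeric
# base, then an optional "-rN" (ordinary revision) or "-sN" (the proposed
# security-only revision). Real Portage syntax is richer than this.
VERSION_RE = re.compile(r"^(?P<base>\d+(?:\.\d+)*)(?:-(?P<kind>[rs])(?P<rev>\d+))?$")


@dataclass(frozen=True)
class Version:
    base: tuple  # e.g. (4, 0, 25)
    kind: str    # "" (no suffix), "r", or "s"
    rev: int     # 0 when there is no suffix


def parse_version(text: str) -> Version:
    m = VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unsupported version string: {text!r}")
    base = tuple(int(part) for part in m.group("base").split("."))
    return Version(base, m.group("kind") or "", int(m.group("rev") or 0))


def sticky_candidates(installed: str, available: list) -> list:
    """Step 2: with FEATURES="sticky" an upgrade may only move to a -sX ebuild
    of the *same* base version, and only to a higher -sX than the one installed.
    -rX bumps and newer base versions are never candidates."""
    inst = parse_version(installed)
    floor = inst.rev if inst.kind == "s" else 0
    matches = []
    for text in available:
        v = parse_version(text)
        if v.base == inst.base and v.kind == "s" and v.rev > floor:
            matches.append((v.rev, text))
    return [text for _, text in sorted(matches)]


def sticky_upgrade(installed: str, available: list) -> Optional[str]:
    """Highest admissible -sX target, or None when nothing newer is available."""
    cands = sticky_candidates(installed, available)
    return cands[-1] if cands else None


def unsticky_upgrade(installed: str, available: list) -> Optional[str]:
    """Step 4: the manual FEATURES="-sticky" path, which behaves like an
    ordinary emerge -u and may cross to a newer base version."""
    inst = parse_version(installed)
    best_text, best_key = None, (inst.base, inst.rev)
    for text in available:
        v = parse_version(text)
        key = (v.base, v.rev)
        if key > best_key:
            best_text, best_key = text, key
    return best_text


def sticky_sync(local_tree: set, synced_tree: set) -> set:
    """Step 1: a sync that only adds ebuilds and never drops the ones already
    in the local tree, so the installed version stays re-mergeable."""
    return local_tree | synced_tree


if __name__ == "__main__":
    # Constructed sample tree for mysql; not a real Gentoo snapshot.
    tree = ["4.0.25", "4.0.25-r3", "4.0.25-s1", "4.0.25-s2", "4.1.13", "4.1.13-s1"]
    print("sticky   4.0.25    ->", sticky_upgrade("4.0.25", tree))      # 4.0.25-s2
    print("sticky   4.0.25-s2 ->", sticky_upgrade("4.0.25-s2", tree))   # None
    print("unsticky 4.0.25    ->", unsticky_upgrade("4.0.25", tree))    # 4.1.13-s1
```

Note that an installed -rX revision (4.0.25-r3) is treated as having no security floor, so -s1 is still offered to it; whether a -rX and a -sX line should be comparable at all is exactly the part the proposal leaves open in step 3.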