So, if you want a stable system, you should NOT be using the -U flag. EVER. And if it breaks – well, you get to keep the pieces. The portage documentation tells you that this flag is deprecated for a very, very good reason, which I’ve described above. My system is rock stable, and I use this process to update it:
    emerge sync
    emerge -uDpv world
    emerge -uDv world
    emerge -pv depclean
    emerge -v depclean
    revdep-rebuild -pv
    revdep-rebuild -v
    dispatch-conf
That basically updates the portage tree, tells me what’s involved in updating everything, updates everything, tells me what packages are no longer necessary, removes them, tells me what packages have been broken by an upgrade or removal, and recompiles them. Then dispatch-conf updates my config files for me with minimal intervention.
The glsa-check programme is a new function of portage which performs security updates automatically. glsa-check is run with “-f all” in order for it to fix (-f) every security flaw (all) identified by a Gentoo Linux Security Advisory (GLSA). So if you want your system to be secure as well as stable, you want to run this regularly.
Personally, I run “glsa-check -f all” every hour, and the above set of commands for updating my system every day. I’ve not had a single breakage in over a year on my stable “x86” box, and only two or three on my unstable/testing “~x86” box.
glsa-check -f all
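The daily sequence and the hourly glsa-check run described above, wrapped so that each step runs only if the previous one succeeded and the removal step never follows a failed world update. This is an added example, not the author's own script; `RUNNER`, `step`, `daily_update` and `security_update` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not from the original post).
# RUNNER is a hypothetical hook: every command is passed through it, so
# RUNNER=echo previews the sequence without touching the system.
RUNNER=${RUNNER:-}

step() {
    # Run one command via $RUNNER; report and fail if it exits non-zero.
    if ! $RUNNER "$@"; then
        echo "update stopped: '$*' failed" >&2
        return 1
    fi
}

daily_update() {
    # Same order as the post: each pretend (-p) run precedes the real one,
    # and the && chain aborts everything after the first failing step.
    step emerge sync &&
    step emerge -uDpv world &&
    step emerge -uDv world &&
    step emerge -pv depclean &&
    step emerge -v depclean &&
    step revdep-rebuild -pv &&
    step revdep-rebuild -v &&
    step dispatch-conf
}

security_update() {
    # The hourly job from the post: apply fixes for all GLSAs.
    step glsa-check -f all
}

# Dispatch on the first argument; with no argument nothing is run.
case "${1:-}" in
    daily)    daily_update ;;
    security) security_update ;;
esac
```

Saved under a name of your choice, the script takes `daily` or `security` as its argument; setting `RUNNER=echo` in the environment prints the commands instead of running them.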