Yes, different versions of the same package are a problem. Currently, we keep the first version that is encountered. If it’s our direct dependency, then our version wins. If it’s a transitive dependency, then the first package that defines it wins.
There is no good solution to this except ripping the workspace apart into two, or possibly dockerizing its incompatible parts. This can, however, not be done in an automated way.
We haven’t tried ripvcs yet. But I wanted to give it a try.
As to the state-of-the-art solution to this issue: I think the best is not needing recursive wstool at all. Ideally, you depend not on a branch of a package, but on a fixed and tested version, and your release manager’s role is to periodically test newer versions etc
This release manager can also record all the transitive dependencies and decide their versions. But as a small reaearch team, we don’t have the luxury to have a release manager in our team. So we just use the recursive wstool until it breaks, and when it breaks, the least lucky guy in the lab has to fix it =)