Hi Tobias,
When such a situation has arisen in the past, it's my experience that the author of B typically releases an update to fix the issue with the latest version of C:
B 2.5.4.0 build-depends: C >= 3.8
So that particular conflict does hardly ever occur in practice.
And what if the maintainer of a takes the chance to make some major updates and directly releases 2.6? Then all packages depending on 2.5.* will probably break.
yes, that is true. In such a case, one would have to contact the maintainer of A, B, and C to discuss how to remedy the issue. Fortunately, pathological cases such as this one seem to happen rarely in practice.
All this boils down to a system where only a combination of latest versions will be stable. So why restrict dependencies anyway?
Now, I think that is an exaggeration. Do you know a single example of a package on Hackage that actually suffers from the problem you're describing? Take care, Peter