Dependency execution order

[Alea81]

Hi,

We are using licenced chocolatey for setting up development-, build- environtments. I run into a problem, and ask you kindly to clarify the behavior:
Let's say, you have 4 packages, PackageB and PackageC is loosly depending on PackageA, meaning, the version is defined simply like this: "1.2+". PackageD is an environment setup package, which depends on PackageA, PackageB and PackageC, and sets version for PackageA strict to, let's say "[1.3.0]". The latest version internalized on our package server is for PackageA "1.4.0", but not rolled out yet.
If I set the dependency order like this:
PackageB
PackageA [strict version]
PackageC
The package installer says that there is a newer version set as dependency for "PackageA"
If I do the ordering like this:
PackageA [strict version]
PackageB
PackageC
It works fine, installs the strict version, and uses that for PackageB and PackageC.

It seems that the dependency check goes from top to bottom, and not summing up restriction of versioning. We assume, that it's implemented like that, because the dependency execution is also stepping through from the top to the bottom, executing each package independently, and therefore, the first order would install the latest version first, and afterwards would fail to install the strict version.
I've also discussed the behavior with a choco maintainer, and he said, that as far as he knows the execution order is not guaranteed, so I do not really know, whether the second ordering solution would always work.
The question would be: Is it a bug, or is it intended to check dependencies like this?

Thank you!

[ferventcoder]

There is no guaranteed order on dependency checking, so it's best to have all things that have dependencies note them. However as you mentioned there is likely some issues with NuGet v2 where it did not walk everything appropriately first to build a graph to work from when the Dependency is set to latest version. So there is that aspect.

Relates to #508