Yes, I understand and agree with all that. More : your last sentence was the reason why I initiated this post !
However, when you only upgrade php (and not php*), dependencies will be also installed/updated. So, you have those packages changed :
php.i386 5.3.28-2.w5
php-cli.i386 5.3.28-2.w5
php-common.i386 5.3.28-2.w5
php-devel.i386 5.3.28-2.w5
php-gd.i386 5.3.28-2.w5
php-imap.i386 5.3.28-2.w5
php-ldap.i386 5.3.28-2.w5
php-mbstring.i386 5.3.28-2.w5
php-mysql.i386 5.3.28-2.w5
php-pdo.i386 5.3.28-2.w5
So, later, you could have some update on anyone of these. So, if I'm not wrong, we will have to check for updates not only the php package, but also all of them. This is the reason of my php* in my check-update.
Anyway, even without the joker "*", the result is almost the same :
yum --enablerepo=webtatic-el5 check-update php
[...}
Obsoleting Packages
php-pear.noarch 1:1.9.4-1.w5 webtatic-el5
php-pear-XML-Util.noarch 1.1.4-3.el5 installed
So, I'm asking what is the best : leave those packages as is even if they are obsolete with the new version of PHP, or update them ?
In the first case, it's risky because those packages are not done to work together with the new installed PHP, in the second case it's risky because it's more packages changed and not done to work with standard packages on SME...
What is the less risky ???