Source: libxcrypt Version: 1:4.4.18-1 Severity: serious libxcrypt introduced a new dependency cycle:
src:libxcrypt Build-Depends on libltdl-dev (new) libltdl-dev is built from src:libtool src:libtool implicitly Build-Depends on libc6-dev libc6-dev depends on libxcrypt-dev libxcrypt-dev is built from src:libxcrypt The change in Build-Depends is inappropriate at this point of the freeze. Please revert and discuss how the change can be performed in a way that does not break architecture bootstrap. I think that libxcrypt really only needs /usr/share/aclocal/ltdl.m4. This file happens to be part of libtool, but it is otherwise architecture-independent and could be moved to an Arch:all package in principle. Doing so would unbreak cross bootstrap, but I don't understand the effects on a native bootstrap. As a workaround, I propose vendoring ltdl.m4. It is not uncommon to vendor m4 files for autoconf. While this usually makes updating them hard, this seems to be an exceptional case where such vendoring could be justifiable. As a long term solution, I propose demoting the libc6-dev -> libxcrypt-dev dependency to Recommends. Doing so shrinks the expectation of what build-essential provides. In any case, now is the wrong time to add this dependency. I'm filing it at rc severity to prevent testing migration during the bullseye freeze. Once bullseye is released, I no longer see a reason for it being rc even if it remains unsolved. That should give enough time to evaluate options and keep bullseye bootstrappable. Helmut
