Control: reassign -1 pkgconf 2.5.1-1 On Wed, Feb 04, 2026 at 08:05:11AM -0500, Jeremy Bícha wrote: > My simplistic understanding is that we ought to include > Requires.private dependencies in our -dev package dependencies. If you > disagree, could you ask other people, maybe the debian-devel list?
Could you elaborate on why you think so? > lowdown is 1 of only a few packages that were caught by the new > pkgconf upload and are preventing it from migrating to Testing. I > imagine there are quite a few other affected packages, but they don't > have autopkgtests. > https://qa.debian.org/excuses.php?package=pkgconf Given this used to work, I bisected pkgconf in order to find where and why this change was introduced. In Debian, pkgconf seems to have jumped from 1.8.1 to 2.5.1, which made isecting a little tricky, but doable. To reproduce: $ apt install liblowdown-dev libmd-dev- libbsd-dev- and use this as the test case: pkgconf --libs --shared lowdown The culprit seems to be a79952a08428d8f8e7bfff730d7ec536765c555e, included with 2.4.0. Reverting this commit over 2.5.1 makes the issue go away. The commit's short description is: libpkgconf: queue: always walk requires.private lists internally Neither this commit description, nor 2.4.0's NEWS, mention requiring Requires.private for shared libraries, as an intended change in behavior. On the contrary, the immediately previous commit, 86602bc17ee46b5a0dec86e8dd8aff604f1f6856 seems to hint towards the exact opposite: pkg: skip over private dependency nodes when --static is not explicitly requested That, plus the previously mentioned comment on GitHub around LIBS and --shared makes me to believe that this is a unintended consequence rather than a deliberate change, and thus probably a pkgconf bug. Therefore I'm reassigning this to pkgconf. Looking forward to hear the package maintainer's and/or upstream's comments on this. Thanks again! Faidon
