Comment 7 for bug 1313311

Philipp Kern (pkern) wrote :

The implication is that packages built against scrypt on trusty link against it statically. It's a grave Debian policy violation for one, it's a terrible thing for a security-related library for another. If there's any update to the library, other packages don't pick it up. It's also clear that it has been fixed in newer Ubuntu versions for over two years with no reported regression.

That being said, it's clear that for in-distro packages, reverse dependencies of libscrypt would need to be recompiled to pick up the dependency. However, they are of course not easy to identify because they never inherited the shlibs dependency in the first place.

Similarly, I can make the argument that it does not affect any package in the archive because unless they are recompiled they won't see the updated symlink. In the end it's mostly to help people building their own packages on Ubuntu against libscrypt to do it correctly and in the manner you'd expect an Ubuntu system to behave.