Comment 9 for bug 1313311

Please see https://irclogs.ubuntu.com/2017/02/22/%23ubuntu-release.html#t14:35 for some further discussion on this with another ~ubuntu-sru member.

Following that discussion:

1) The problem appears to be theoretical at this point, since libscrypt has never been updated in an existing stable release.

2) Fixing this must necessarily change behaviour (linking will link dynamically instead of statically). Users might shout about this as much as they'd shout about not having the shared library available.

3) This is (presumably) fixed in newer stable Ubuntu releases, including 16.04 LTS.

So I believe the decision is "no" for now, unless one of those things changes. If there is an update in libscrypt, we'd need to find the reverse dependencies and fix them for any update to be useful. Andy points out that looking up reverse dependencies in newer releases where this is fixed will at least give us a first approximation of what needs to be addressed.

I appreciate that this is a marginal decision and welcome further discussion. I'll set the bug status to "Won't Fix" for now, and reject from the queue, but this can change if the situation changes or if a contrary decision is made.