A reply to my previous pkg-config introductory post outlined a real "problem" with "mixed-state" packages. These packages provide pkg-config metadata files in some situations; i.e., not always. This is a quite common situation in libraries that did not use pkg-config in the past, but have been recently converted to do so. Some examples are OpenSSL or the X libraries (which are being converted to the GNU toolchain by Freedesktop.org).

But why is this a problem? Basically because software developers are not aware of this and simply look for the pkg-config metadata files. E.g., when they need OpenSSL, they simply ask for the openssl.pc file through pkg-config; in case of failure, they assume the library is not there, but this assumption can be perfectly wrong. When this happens, those programs should also check for the libraries in a direct manner, bypassing pkg-config.

However, it's safe to use pkg-config in other situations, specially to get information about libraries which have always used pkg-config (like almost all GNOME 2.x libraries).

So, be careful with libraries that have been around for a long while. In case of doubt, try to do a bit of research: check older (API compatible) versions of the same library to see if they have the file, and also check some other operating systems (specially if the library is part of their base system). If you are still unsure, it may be a good idea to ask the software developers or simply add manual detection in your scripts.