I agree you have a valid point, your reasoning makes sense. However, it seems to me that by the same reasoning bubblewrap should be turned into a recommended dependency too. Your command
opam init --bare --disable-sandboxing default /path/to/repository also works if bubblewrap is forcefully removed (and the dependencies broken, for the sake of the example). Therefore, there exists a way to use opam without bubblewrap, it could be recommended only. Both reasoning look like having an issue: you assume the presence of a local copy of the repository, I assume sandbox disabling is acceptable. To me, the latter seems less unusual than the former: sandbox disabling happens in (unprivileged) containers while local repository copy seems to be for air gapped operation. Also, local git clone seems far less unusual than package management without networking. On Wed, 10 May 2023 at 10:27, Stéphane Glondu <[email protected]> wrote: > > Hi, > > Le 10/05/2023 à 09:04, Cuihtlauac ALVARADO a écrit : > > Once installed, to be usable, opam needs to be initialized. Here is > > the command: > > > > opam init > > Indeed, the default repository is on HTTPS. However, if you have a local > copy of the repository, > > opam init --bare --disable-sandboxing default /path/to/repository > > works without ca-certificates. So there exists a way to use opam without > this package, hence the Recommends (I suppose, I didn't make the initial > packaging myself). And by default, Recommends are installed, so opam > with default settings works in Debian with default settings. > > Similarly, git only recommends ca-certificates, and fails when cloning > from HTTPS without it. > > > Cheers, > > -- > Stéphane >
