Re: should postgresql-common depend on ca-certificates?

Re: Peter Eisentraut
>   Certificate verification failed: The certificate is NOT trusted. The
> certificate issuer is unknown.  Could not handshake: Error in the
> certificate verification. [IP: 151.101.3.52 443]
> W: https://apt.postgresql.org/pub/repos/apt/dists/noble-pgdg/InRelease: No
> system certificates available. Try installing ca-certificates.

Good point, thanks for bringing this up.

> I don't know what the right solution is, but maybe a combination of
> 
> 1) postgresql-common at least "suggests" ca-certificates.

In my view, the apt.postgresql.org.sh script is just a side-feature of
that package, so adding a ca-certificates dependency would be wrong.
And recommends/suggests don't really solve the problem.

> 2) apt.postgresql.org.sh should do more checking that the setup it creates
> actually works.

Maybe. Otoh people (or CI setups) might run the script, and do the
package installation later. I'd also wouldn't quite know what to check
there, except for running `apt update` which it is already doing.

> 3) The wiki page quickstart makes more explicit mention of ca-certificates.
> (It is mentioned for the manual setup.)

I added "ca-certificates" to the TL;DR recipe. That makes it less
crisp, but now it's guaranteed to work.

Christoph