Better depext tags

[AltGr]

The current semantics for depext field is a bit verbose and quirky. It contains a list of pairs such that:

for any pair [tags] [targets], if tags is a subset of the tags currently active on the system, then targets must be installed as native packages for that system.

(Not mentioning the source tag, which is active on all systems, but hints that targets should be treated as URLs, downloaded and executed ; we need to find another (less insecure!) way to make packages that use these work, and remove it.)

Recognised tags include arch, OS and distribution information. The best specification we have to date is the code of opam-depext.

Note that at the moment, OPAM does no treatment whatsoever on these tags and has no understanding of their meaning: they're strictly handled by opam-depext. OPAM does implement the subset rule for querying them though.

Now this issue is to either:

• redefine a better semantics for these tags
• or better document the current one

... and think of a way to get rid of the source tag

Ref: ocaml-opam/opam-depext#21

[AltGr]

Also, precising version of system packages has been requested (#2168), but I am really unsure how to handle this on the underlying systems.

[AltGr]

On the "source" tag, here is an option:

• keep it only for automated testing platforms
• never use it for end-users, unless they manually enforce it
• replace by an explanation to the user of what they should do. Either manually through post-messages (preferred), or automatically by checking the "source" tag: "This package requires the installation of extra files on your system. You may find a script that installs them for you at xxx".

The rationale being, never automatically run these scripts on user's computers.
An other option could be to integrate the scripts somehow in the opam repository and sign them; but that raises lots of other questions (how? As packages?).