[Accepted] SE-0391: Swift Package Registry Authentication

Hi folks,

The review of SE-0391 has concluded.

The review feedback was positive and focused on simplifying how user-provided metadata is collected, sent, and signed during package publishing. Given the feedback, the proposal was amended so that user-provided metadata.json became optional, and is always signed when present. It also meant that the proposed sign command became redundant given the publish --dry-run command has the same effect and it was removed from the proposal. Another small amendment was in how the signing certificate chain is passed to accommodate the behavior of the underlying certificate parsing libraries.

With these modifications, the core team accepted the proposal.

Thank you to the proposal authors and everyone who participated in the review.

Tom Doron,
Review Manager