[Accepted with Modifications] SE-0292: Package Registry Service

Hi folks,

The 3rd review of SE-0292 has concluded. The review has been generally quiet, with feedback focused on making the OpenAPI spec more robust to explicitly highlight the support for redirecting proxies, which was one of the focus points of the 2nd review. As such, the proposal has been accepted with a few minor revisions:

  1. More clearly state in the proposal motivation or future directions sections that the package registry is designed to address the immutability and durability concerns in light of cases like "How an irate developer briefly broke JavaScript" (The Verge).
  2. Refine "A client SHOULD verify the integrity of a downloaded source archive" to "A client MUST verify the integrity of a downloaded source archive"
  3. Include the checksum of the source archive in the Package release metadata, and/or refine OpenAPI spec to make it clear it should include Digest and Content-Length headers.
  4. Make the support for redirecting proxies more explicit by explicitly listing 30x response codes in the OpenAPI spec.

The proposal and its approval mark an important step forward in the evolution of the Swift package ecosystem. The proposal went through a long review cycle and reflects important feedback from many members of the community. I would like to thank everyone who participated in the review and the proposal authors for their patience and hard work getting this proposal over the finish line.

Tom Doron,
Review Manager

18 Likes
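
Revisions 2 and 3 above, sketched as an added example that is not part of the original post or of the proposal: a client-side check that refuses a downloaded source archive unless it matches every checksum it was given. The function names are hypothetical, and the encodings are assumptions: a `Digest` header of the form `sha-256=<base64>` and a hex SHA-256 checksum in the release metadata.

```python
import base64
import hashlib
import hmac

# Constructed sample bytes standing in for a source archive.
SAMPLE_ARCHIVE = b"PK\x03\x04 constructed sample archive bytes"

class IntegrityError(Exception):
    """Raised when a downloaded archive fails an integrity check."""

def parse_digest_header(value):
    """Parse 'sha-256=<base64>, ...' (assumed form) into {algorithm: bytes}."""
    digests = {}
    for item in value.split(","):
        algorithm, sep, encoded = item.strip().partition("=")
        if not sep:
            continue
        try:
            digests[algorithm.lower()] = base64.b64decode(encoded, validate=True)
        except ValueError:
            raise IntegrityError("malformed Digest entry: " + algorithm)
    return digests

def verify_archive(body, headers, metadata_checksum=None):
    """Return the SHA-256 hex digest of body, or raise IntegrityError.

    headers: headers of the final response, after any 30x redirects.
    metadata_checksum: hex SHA-256 from release metadata (assumed encoding).
    """
    headers = {name.lower(): value for name, value in headers.items()}
    actual = hashlib.sha256(body).digest()
    expected = []  # (source, digest bytes) pairs that must all match
    length = headers.get("content-length")
    if length is not None and length.strip() != str(len(body)):
        raise IntegrityError("Content-Length does not match bytes received")
    header_digest = parse_digest_header(headers.get("digest", "")).get("sha-256")
    if header_digest is not None:
        expected.append(("Digest header", header_digest))
    if metadata_checksum is not None:
        try:
            expected.append(("release metadata", bytes.fromhex(metadata_checksum)))
        except ValueError:
            raise IntegrityError("malformed metadata checksum")
    if not expected:
        # Fail closed: "MUST verify" cannot be met without a reference value.
        raise IntegrityError("no checksum available for this archive")
    for source, digest in expected:
        if not hmac.compare_digest(digest, actual):
            raise IntegrityError("SHA-256 mismatch against " + source)
    return actual.hex()
```

The release-metadata checksum matters most when the archive is served from a redirect target, since a `Digest` header comes from whichever host delivered the bytes.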

Just noticed that the entry for this on the Swift Evolution web site is still listed as being under active review.

1 Like

thanks, addressed
