This has been on my mind for awhile, and now as we start reaching acceptance of some critical packages such as
NIORedis I think it's important to cover this topic.
Should "critical" packages be owned by the SSWG in terms of packages being under the swift-server GitHub organization, with the authors maintained as contributors?
I'd personally define "critical" so far as database drivers & the HTTP client
Where I'm coming from, is that it solves two pieces:
- We are without a strong / reliable package registry for SPM projects
- It fast-tracks addressing the SSWG Minimum Requirement on longevity
- SSWG should have access / authorization to graduated repositories in case of emergency
This also stems from the fact that personal repositories in GitHub do not have robust permission schemes, while organizations do (from Teams).
Does this make sense at all? If not, and we want to leave packages primarily up the implementors to decide, I plan to migrate from GitHub to GitLab for NIORedis before the proposal review - as it's my preferred git platform.