Is there a setting we can add to a package, framework, or app, so that it's allowed to depend on packages that use "unsafeFlags"?
Swift Pacakage Manager allows a package manifest (Package.swift) file to specify build settings for targets.
As a security measure, some build settings can only be specified using "unsafeFlags" parameter. For example, specifying a framework search path outside the current directory using the
-F build flag is considered "unsafe" because it could lead to code execution outside the package's own directory.
For packages downloaded from the internet, this could be considered an undesirable behavior. However, for locally-declared packages, this could be what we want to do.
However the design of SPM is such that any package that uses "unsafeFlags" cannot be depended on by another package, regardless of whether that package came from the internet, or was locally declared (in which case, you control it, so you don't need this kind of security measure).
So is there any override for when we want to use unsafeFlags somewhere in a dependency structure of various locally-declared Swift packages?
In my particular use case, we're using Swift Packages not for distributing software, but just as a replacement for Xcode project files, because Xcode project files are a constant source of annoying merge conflicts.