So far (as @Tony_Parker and @millenomi were saying elsewhere) the plan is to first split up Foundation a bit so that URLSession (and XMLParser) become their own modules.
After that's done we can start porting URLSession to use SwiftNIO instead of libcurl. In my personal ideal world we'd also make (at least) the URLSession part updateable through SwiftPM but that's a larger piece of work. For the interim I think we would need to have a private copy of SwiftNIO where all the symbols are prefixed inside of Foundation so that the regular SwiftNIO can still be developed and updated as we know and like it. Every so and so often we would then import a stable NIO release into Foundation.
Now that does sound difficult and some may ask why not to just compile libcurl as part of the Swift toolchain compilation (as I think @Max_Desiatov suggested): The problem is that we would then still depend on the system's Open/LibreSSL version and we're still in the same messy situation as today where the only option is for everybody to use the system's Open/LibreSSL version which is a problem because not all OpenSSLs support ALPN etc. Of course we could also decide to ship OpenSSL with the Swift toolchain (and libxml2 and libsasl and ...) but then the Swift toolchain would essentially become a Linux distribution which is certainly not a good idea.
The only way out I see is to make the libraries that ship with Swift (Foundation, Dispatch & stdlib) depend on nothing but the absolute minimum (which does include ICU but ICU supports symbol prefixing).
Now I should point out that swift-nio-ssl does depend on OpenSSL today but as soon as Foundation loses its libcurl & OpenSSL dependencies swift-nio-ssl can then embed a BoringSSL version with __attribute__((visibility("hidden"))) and then we can finally have Swift programs on Linux that use Foundation that can still be statically linked and don't have any OpenSSL symbols in the global symbol tables.
Why is this only a problem on Linux? Basically because Darwin's dyld supports two-level namespaces and Linux does not...
I realise that this is probably all a bit dense so please do ask if you're interested in more details.
Also CC @lukasa and @kevints who have also spend some non-trivial portion of their lives discussing this issue 