Swift Package Manager, https or ssh?

I'm using for my projects swift package manager.
I have 2 options to add a package to the project using a https link ("https://github.com/....git") or using ssh ("git@github.com:....git")

Unfortunately I noticed that if a package is added as dependency in 2 different places. let say Main project depends Package A and Package B while Package B depends on Package A as well. We need to have the same protocol to link the dependencies in both the project and package B.
If one of them uses "https" and the other "git@" the conflict fail to be resolved.

So here is my questions :
Which one should we use preferably https or ssh? (Meaning what is the commun way to do it?)
Is this behaviour a bug or a feature?

In my experience the common way of doing it is HTTPS for all public repos and SSH for private repos.

The fact that SwiftPM treats HTTPS and SSH as different packages is a limitation of it's current resolution algorithm. It uses the URL to identify packages. There are some proposals being pitched at the moment to solve this

1 Like

Thanks for your answer. I'm not sure I understand why there is a difference for private and public package tho.

Because SSH lets you auth using key-based authentication, which is non-interactive, while https:// requires username/password authentication, which is interactive. This means that for internal repos that often have access control, SSH lets you through that access control more easily.

As to why not SSH everywhere, HTTPS is substantially less expensive for git to use as a clone mechanism.

1 Like

That's exactly the bit of information that I was missing, thanks :)

Terms of Service

Privacy Policy

Cookie Policy