Within manifests, package identity could be improved as you've suggested, possibly by updating Target.Dependency.product(name:package:condition:) to accept a package URL.
There are also subcommands which take package names:
swift package editswift package resolveswift package uneditswift package update
Should these subcommands be updated to accept package URLs? Would this affect a package which has already been put into editable mode?
Xcode has an alternative to swift package edit. A package dependency can be overridden, by adding a local package with the same name:
Should this be replaced by proper edit/unedit commands within Xcode? Or fallback to using the git remote URLs of the local package?
I'll try to give a more detailed example, but I only discovered RFC 8615 recently (for this thread).
If the package manager/registry wants to verify that a com.apple::swift-nio-* package or com.apple::NIO* module is allowed to use the com.apple::* namespace, it could make a request to:
This can redirect to a subdomain:
If the response is an error (e.g. 404 Not Found), then the com.apple::* namespace isn't restricted available (which might give a warning/error by default).
If the response is a package collection, then the com.apple::* namespace is restricted to package URLs in the collection.
Alternatives:
-
The well-known URIs registry needs a specification of the format, which is why I suggested using a package collection, but a simpler format is possible.
-
GitHub uses a DNS TXT record to verify an organization's domain.
GitHub or GitLab wouldn't need to put the packages of other organizations/users in a collection.
The com.apple::* namespace would only be used for public, open-source packages. Perhaps the org.swift::* or com.apple.opensource::* namespaces are more suitable? (Existing closed-source system frameworks have com.apple.* bundle identifiers.)