Privacy manifest support

[soho-jj]

Hello,

According to Upcoming third-party SDK requirements, starting this spring, iOS apps using BoringSSL or OpenSSL need to have a Privacy manifest file when submitted to the App Store.

It seems like there's some related C code in swift-crypto (CCryptoBoringSSL). I'm not entirely sure if this calls for a Privacy manifest, but I'm curious if there are any plans to include such a file.

[Lukasa]

Good call-out, we should add such a manifest here.

[Lukasa]

In this instance the manifest is purely empty so this is easy for us to do.

[soho-jj]

@Lukasa Thanks.

I'm using swift-certificate, and it requires Privacy manifest support for both swift-crypto and swift-asn1, the libraries it depends on.

It seems like you might be involved with both of swift-certificate, swift-asn1 as well, but just to confirm, I'll leave identical issues for each of repo.

[Lukasa]

It's my understanding that there is no need to provide privacy manifest files for those targets: they're only necessary in cases where the privacy manifest would not be empty, or when we're specifically distributing one of the listed SDKs.

[soho-jj]

You are right. I think i was a bit confused. But since swift-certificate has a dependency on swift-crypto, I thought that if a private manifest is added to swift-crypto, it would be necessary to update the version of swift-crypto in swift-certificate.

[Lukasa]

swift-certificates only expresses a minimum requirement. When we ship an update, a simple package resolution should cause the update to be taken on your end.