PURL encoding for SwiftPM is invalid as PURL specification. #8567

Open
heliocastro opened this issue Apr 25, 2024 · 1 comment
@heliocastro
Contributor

The currently generated Swift PURL has slash encoding, creating a result similar to:

purl: "pkg:swift/github.com%2Fapple%2Fswift-argument-parser@1.3.0"

This is not valid according to the PURL specification. Quoting here from the Character Encoding section:

the '/' used as type/namespace/name and subpath segments separator does not need to and must NOT be percent-encoded. It is unambiguous unencoded everywhere

This issue was first discussed with @pombredanne and this is really invalid.

At the last community meeting, @fviernau mentioned a probable cause: SwiftPM does not provide a namespace-like field, only the entire namespace as a name, and ORT was assuming that the slash was part of the name, hence the %2F encoding.
Some package managers like Maven provide a namespace (common in Java), so ORT is probably wrong in assuming that every single package manager follows this.

A possible simple solution is to just not encode any entry anymore and treat the PURL as a single entity, instead of expecting a namespace (or consider it as a last fallback).

A more complex, and unlikely, solution is to make adjustments to the SwiftPM package manager code to separate namespace / name, but this can only work if the names retrieved from the package manager are consistent.

A possible improvement is to get rid of the self-made PURL code and use the official PURL Java library to assemble the PURL and have it validated as well.

@heliocastro heliocastro added the bug Issues that are considered to be bugs label Apr 25, 2024
@heliocastro heliocastro self-assigned this Apr 25, 2024
@fviernau
Member

fviernau commented Apr 25, 2024

In order to interpret the excerpt from the PURL spec, one must have defined what exactly the namespace and name bits are. This IMO is not clear for Swift packages.

Maybe, this discussion is interesting as well: google/osv.dev#1923
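
An added example (not ORT's code and not written by anyone in this thread) contrasting the two encodings discussed above: passing the whole SwiftPM identity as the name, which reproduces the `%2F` form from the issue, versus splitting it so the slashes stay literal separators. The split rule (last path segment is the name, everything before it is the namespace) and all function names are assumptions of this example.

```python
from urllib.parse import quote


def _encode_segment(segment: str) -> str:
    # Percent-encode one segment on its own; a '/' inside it becomes %2F.
    return quote(segment, safe="")


def build_purl(ptype: str, name: str, version: str, namespace: str = "") -> str:
    """Join type, namespace segments and name with literal '/' separators."""
    parts = [ptype.lower()]
    parts += [_encode_segment(s) for s in namespace.split("/") if s]
    parts.append(_encode_segment(name))
    return "pkg:" + "/".join(parts) + "@" + _encode_segment(version)


def split_swift_identity(identity: str) -> tuple[str, str]:
    """Assumed rule: last path segment is the name, the rest is the namespace."""
    namespace, sep, name = identity.strip("/").rpartition("/")
    if not sep or not name:
        raise ValueError(f"no namespace/name boundary in {identity!r}")
    return namespace, name


def swift_purl(identity: str, version: str) -> str:
    namespace, name = split_swift_identity(identity)
    return build_purl("swift", name, version, namespace)


def has_encoded_slash(purl: str) -> bool:
    """Flag %2F in the type/namespace/name part (before version, qualifiers, subpath)."""
    path = purl.split("#", 1)[0].split("?", 1)[0].rsplit("@", 1)[0]
    return "%2f" in path.lower()


# Identity and version taken from the PURL quoted in the issue.
IDENTITY = "github.com/apple/swift-argument-parser"
VERSION = "1.3.0"

if __name__ == "__main__":
    name_only = build_purl("swift", IDENTITY, VERSION)  # whole identity as name
    split = swift_purl(IDENTITY, VERSION)                # namespace + name
    for label, purl in (("name-only", name_only), ("split", split)):
        print(f"{label:9} {purl}  encoded-slash={has_encoded_slash(purl)}")
```

`has_encoded_slash` can run as a check over PURLs already emitted into reports, to find the ones that would need regenerating.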
