In the metadata-only deposit a swhid is required.
The existence of the swhid in the archive, on the other hand, is only recommended (with SHOULD in the specs).
With the option to potentially give metadata on an object that isn't in the archive, we open the door to new possibilities but also to human errors.
Should we restrict the deposit to existing swhids, or should we trust the deposit client that they used the exact swhid they intended to use?