Gradle has built-in verification, time to remove gradle-witness

Gradle now offers complete verification of all the artifacts it downloads and uses, as of v6.2. gradle-witness and others were always limited to a small subset. It is time to switch to the built-in verification:
https://docs.gradle.org/current/userguide/dependency_verification.html

I think it makes sense for the fdroid scanner to flag the gradle-witness.jar as an error. For builds using Gradle older than v6.2, @vlsi’s checksum-dependency-plugin plugin has much better coverage than gradle-witness:
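
A sketch of the kind of check proposed in this post, as an added example that is not part of the original post and is not the fdroid scanner's own code. The function names (`wrapper_version`, `audit`, `make_sample_tree`) and the severity labels are hypothetical; the wrapper properties path and `gradle/verification-metadata.xml` are Gradle's standard locations, and the sample trees are constructed.

```python
import re
from pathlib import Path

MIN_BUILTIN = (6, 2)  # Gradle release with built-in verification, per the post
WRAPPER_PROPS = Path("gradle/wrapper/gradle-wrapper.properties")
VERIFICATION_FILE = Path("gradle/verification-metadata.xml")  # Gradle's documented location


def wrapper_version(root):
    """Return the (major, minor) Gradle version pinned by the wrapper, or None."""
    props = Path(root) / WRAPPER_PROPS
    if not props.is_file():
        return None
    m = re.search(r"^distributionUrl\s*=.*gradle-(\d+)\.(\d+)", props.read_text(), re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit(root):
    """Return (severity, message) findings for one source tree."""
    root = Path(root)
    findings = []
    for jar in sorted(root.rglob("*.jar")):
        if jar.name.lower().startswith("gradle-witness"):
            findings.append(("error", f"{jar.relative_to(root).as_posix()}: gradle-witness jar present"))
    version = wrapper_version(root)
    if version is None:
        findings.append(("warning", "no Gradle wrapper version found"))
    elif version < MIN_BUILTIN:
        findings.append(("warning", "Gradle %d.%d predates built-in verification" % version))
    elif not (root / VERIFICATION_FILE).is_file():
        findings.append(("warning", f"{VERIFICATION_FILE.as_posix()} missing"))
    return findings


def make_sample_tree(root, gradle, witness=False, metadata=False):
    """Build a constructed sample project under root (test data, not a real app)."""
    root = Path(root)
    (root / WRAPPER_PROPS).parent.mkdir(parents=True)
    (root / WRAPPER_PROPS).write_text(
        "distributionUrl=https\\://services.gradle.org/distributions/gradle-%s-bin.zip\n" % gradle)
    if witness:
        (root / "libs").mkdir()
        (root / "libs" / "gradle-witness.jar").write_bytes(b"constructed placeholder")
    if metadata:
        (root / VERIFICATION_FILE).write_text("<verification-metadata/>\n")
    return root
```

A tree on Gradle 6.2 or later with the metadata file present and no gradle-witness jar produces no findings.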
