Hey,
I would like to integrate GitHub - signalapp/gradle-witness: A gradle plugin that enables static verification for remote dependencies. in some apps. The plugin compairs hashsums of downloaded gradle depencies with a list in the gradle file. Because the plugin can be manipulated itself, it needs to be in the repo as jar file.
Are jar files allowed as depency in F-Droid?
Transportr also uses this plugin and I couldn’t see, that it’s removed for fdroid builds.