Kotlin Native download executables from the internet and runs them

Kotlin Native download executables from the internet and executes them as part of its build process. I just saw these specific files being downloaded:

It bypasses the Gradle verification methods. It is plain to see that none of those files are in gradle/verification-metadata.xml yet Gradle with verification enabled does not complain.

Anyone know if Kotlin Native does any of its own verification?

1 Like