enable built-in gradle dependency verification
This fully replaces gradle-witness and goes far beyond what it offered. As far as I can tell, this actually will verify every single artifact that gradle downloads and uses. This was generated in two passes to get both the PGP and the SHA256 info: ``` ./gradlew --write-verification-metadata pgp,sha256 build connectedFullDebugAndroidTest --export-keys ./gradlew --write-verification-metadata sha256 build connectedFullDebugAndroidTest ``` Thanks to @vlsi who made me aware of this, and helped make it possible. closes !837merge-requests/913/head
Binary file not shown.
Reference in new issue