>It uses its own folder structure that uses different files even for the case when different repositories have different content for the very same artifact version.
Just in case, here's relevant section in Gradle documentation: https://docs.gradle.org/current/userguide/dependency_cache.html#header In case you missed it, I've created a blogpost on the need for PGP in dependency verification: https://medium.com/@vladimirsitniko/dependency-verification-checksum-vs-pgp-582e76207019 Vladimir
