Thanks for the background on that. I suspected it was a new feature. ~ David Smiley Apache Lucene/Solr Search Developer http://www.linkedin.com/in/davidwsmiley
On Mon, Feb 22, 2021 at 5:02 PM Mike Drob <md...@mdrob.com> wrote: > This feature was added to Gradle 6.2, which wasn't available when we first > did the conversion from ant. > > This plugin doesn't do any verification of license and notice files like > we do, so that's one thing that we will still need our custom validation > for. > > We could potentially move the checksum verification to the plugin, but > that seems like a lot of effort for I'm not sure what the payoff is. > > I don't trust the state of signatures in open source repositories to know > if going down that path is worthwhile, but I also suspect not. > > > Mike > > On Mon, Feb 22, 2021 at 3:45 PM David Smiley <dsmi...@apache.org> wrote: > >> I noticed that Gradle has a built-in dependency version locking mechanism >> that is different than the one we are using: >> https://docs.gradle.org/current/userguide/dependency_verification.html >> Dawid (or anyone), why are we using something different? Is our >> mechanism completely defined ad-hoc in Groovy in >> gradle/validation/jar-checks.gradle or is there some related plugin for >> this? >> >> ~ David Smiley >> Apache Lucene/Solr Search Developer >> http://www.linkedin.com/in/davidwsmiley >> >