
Verifying Gradle Wrappers with GitHub Actions - naruhodo
https://blog.gradle.org/gradle-wrapper-checksum-verification-github-action
======
naruhodo
> The gradle-wrapper.jar is a binary blob of executable code that is checked
> into nearly 2.8 Million GitHub Repositories.

Which I find terrifying. It's a trap for the unwary.

