Gradle 依赖项是否比将 jar 下载到 libs 更安全?
[英]Are Gradle dependencies less safe than downloading the jar to libs?
问题描述
I want to have some graphing functionality in my Android app and found a few on Github.
我想在我的 Android 应用程序中有一些图形功能,并在 Github 上找到了一些。 Most of them recommend including some URLs in the Gradle to serve as dependencies.他们中的大多数人建议在 Gradle 中包含一些 URL 作为依赖项。
However what if the website goes down, or the author decides to remove the code?但是,如果网站出现故障,或者作者决定删除代码怎么办? Does this break your app?这会破坏您的应用程序吗? Is it safer to download the premade .jar file to the lib folder so you have your own copy of the code?将预制的 .jar 文件下载到 lib 文件夹以便您拥有自己的代码副本是否更安全?
1 个解决方案
解决方案1
1 已采纳 2016-03-25 14:05:49
It's safe to use dependencies from well known repositories like Maven central.使用来自众所周知的存储库(如 Maven central)的依赖项是安全的。 The rule is that once the artifact is uploaded it can't be changed or removed.规则是,工件一旦上传就不能更改或删除。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.