You do not need to use the Gradle wrapper - you can use your own trusted version. The wrapper is there just for convenience. I understand your concerns, but it is not the only way and you are not forced to use it.
I actually have tried to use the trusted version that comes with the Fedora packages. It was quite a while ago so I don't remember exactly why that didn't work, but I think it had to do with Fedora packaging an older version of Gradle than the build configuration required.
So, nice thought. I guess I could work out what Ubuntu system the author used and set up a matching Ubuntu toolbox (container) with the right Gradle version. It's not really a win for Gradle if the developer's operating system has to be shipped with the build system.
Except that Gradle constantly releases new versions with breaking changes. You need to install your own trusted version for each version that you use, and know which one to use for each project.
I agree it is not easy to use the correct local version, but that is why the Gradle wrapper is there. In case you do not trust it, you have a workaround for it. For projects from a company repository, this should not be an issue. For a random project from GitHub, it may be worth going the safe way.
naruhodo|2 years ago
shaftway|2 years ago
miskin|2 years ago