A modern programming language that makes developers happier.

kotlinlang

The <https://developer.android.com/distribute/sdk-index|Google Play SDK Index> requires to put a small file in the `META-INF` folder of the jar for verification purposes (<https://support.google.com/googleplay/android-developer/answer/12244916#Verify_ownership|doc>). While it’s probably technically OK (the file is small), it still feels a bit weird. It’s adding noise to the binary for no apparent good reason. The file could be put in another artifact or sounds like we could use GPG signatures for that.
Any thoughts about this? Is that common practice?

That does feel weird. I've never heard of anything similar, but I don't know much about anything other than Central. And yeah, it sounds like they could ask you to put the GPG public key into your account to verify the artifacts? That's how the regular Play Store for apps works, no?

Which JAR does it need to be in? If it's in the main JAR, that's extra weird for me, because it means it will end up in the final JAR of any application using the library, no?

I’d hope the AGP packaging removes it but non-AGP consumers are like :shrug:

(and maybe AGP packaging does nothing about it, I haven’t checked)

I think it's relatively fine. JARs contain metadata anyway, like META-INF/MANIFEST.MF which can contain signing

ah they want it to use your name in the path so it won't even cause any problems with duplicate resources when people bundle it