Questions about verification-metadata.xml/verification metadata error reporting with Android Studio and downloaded artifacts. Google doesn't always seem to update the hash files for libraries well (for instance, aapt for Windows doesn't seem to have the right hashes right now for one version, but this happens from time to time). I've noticed some Kotlin-specific extensions don't always update the hashes reliably as well.
I'm assuming this is a very standard thing to happen per my own observed frequencies. It has happened enough with a Kotlin extension or two that I often skip those at this point and just work off the plain library (which is why this doesn't deserve the 😶 marker; some of those extensions look great). Is there some standard mechanism to point out these checksum mismatches to teams somewhere I may be unaware of? Am I missing out on some "major/minor" version convention which is the only time these checksums may be correct?
Are there any great public key trackers for the OSS Kotlin community I should be paying specific attention to (especially related to the seemingly useful but often out-of-sync Kotlin extensions to libraries)? Are there other libraries/tools I should be paying specific attention to?