Publish the library to a public repository

[mamohr]

It would be much more comfortable for users of the library if they could just add it as a maven dependency instead of integrating it at the source level. For this it should be published in a public repository like jcenter or maven central.

[RoadXY]

Any update on this, please?

[dbrgn]

As a workaround, you should be able to use https://jitpack.io/

[Flowdalic]

I really discourage using jitpack.io. It's a security nightmare. You can't verify that the artifacts are authentic.

Including MTM in you Android projects as git submodule, which is really easy, is currently the only way to ensure that it's authentic.

[dbrgn]

@Flowdalic you could use gralde-witness to lock down the hash of the build, and then link against a specific revision using Jitpack. (Or does the hash change on jitpack for every build?)

But you're probably right, Submodules are probably the better solution (even though they're a pain to use properly with multiple contributors).

[Flowdalic]

@Flowdalic you could use gralde-witness to lock down the hash of the build, and then link against a specific revision using Jitpack. (Or does the hash change on jitpack for every build?)

Yes gradle-witness (or the alternatives mentioned in http://stackoverflow.com/a/34795359/194894) would help, given that Jitpack doesn't change the hash for stable artifacts.

I find submodules preferable and easy to use (even with multiple contributors). Compared to consume the dependency as artifact, they allow you to directly make changes to the code and easily upstream it.