[bjfish]

I think you might be misunderstanding how this service works.

The Github repositories don't serve the packages.

Jitpack checkouts the repository code, builds it, and serves it like a normal maven repository. Here is a sample repository https://github.com/jitpack/maven-simple and the maven repository it is served from: https://jitpack.io/com/github/jitpack/maven-simple/0.1/maven...

[encloser]

I got that it is building a binary and basically placing it in a local repo. I also get that it is looking for a binary from a GitHub Release first, which is mildly better.

I still think solutions like this are putting your build process at great risk. You will have build issues that are no fault of your own and completely out of your control. Unless you clone the github repository and then use that as your source. And cloning will have issues and risks of its own.

EDIT: See pron's reply for describing the risks: https://news.ycombinator.com/item?id=9029870

[jitpack]

That's correct