chriswarbo 4 days ago
> Maven artifacts are immutable, so the whole resolution is deterministic

Nope, Maven will grab anything which happens to have a particular filename from `~/.m2`, or failing that it will accept whatever a HTTP server gives it for a particular URL. It can compare downloaded artifacts against a hash; but that's misleading, since those hashes are provided by the same HTTP server as the artifact! (Useful for detecting a corrupt download; useless for knowing anything about the artifact or its provenance, etc.) This isn't an academic/theoretical issue; I've run into it myself https://discuss.gradle.org/t/plugins-gradle-org-serving-inco...
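The distinction the comment draws (a checksum served beside the artifact catches corruption but says nothing about provenance, whereas a hash pinned out-of-band does) is easy to show with a small model. The following is an added example, not code from the commenter or from Maven/Gradle; the repository, artifact bytes and URL are all constructed stand-ins, and the resolver logic is a deliberately simplified imitation of what a Maven-style client does with a `.sha1` file.

```python
"""Same-origin checksum vs. independently pinned hash (constructed demo)."""
import hashlib
from typing import Dict, Optional

# Constructed artifact bytes standing in for a real jar (not real Maven data).
GOOD_JAR = b"PK\x03\x04 pretend-jar-contents org.example:foo:1.0"
EVIL_JAR = b"PK\x03\x04 pretend-jar-contents with something extra"
# Hypothetical URL; the host does not exist.
ARTIFACT_URL = "https://repo.example.invalid/org/example/foo/1.0/foo-1.0.jar"


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_repo(jar: bytes, checksum_of: Optional[bytes] = None) -> Dict[str, bytes]:
    """Model an HTTP repository: the .sha1 file sits beside the artifact and is
    produced by the same server, i.e. by whoever controls that server."""
    checksum_of = jar if checksum_of is None else checksum_of
    return {
        ARTIFACT_URL: jar,
        ARTIFACT_URL + ".sha1": sha1_hex(checksum_of).encode(),
    }


def fetch(repo: Dict[str, bytes], url: str) -> bytes:
    """Stand-in for an HTTP GET against the modelled repository."""
    return repo[url]


def verify_same_origin(repo: Dict[str, bytes]) -> bool:
    """What a Maven-style resolver does: compare the artifact against the .sha1
    served next to it. This can only detect a damaged transfer, because an
    attacker who replaces the artifact also controls the checksum file."""
    artifact = fetch(repo, ARTIFACT_URL)
    # Published .sha1 files may read "<hash>" or "<hash>  <filename>".
    published = fetch(repo, ARTIFACT_URL + ".sha1").decode().split()[0]
    return sha1_hex(artifact) == published


def verify_pinned(repo: Dict[str, bytes], pinned_sha256: str) -> bool:
    """Compare against a hash recorded out-of-band (a lock file or verification
    metadata committed to the consuming project) that the server cannot alter."""
    return sha256_hex(fetch(repo, ARTIFACT_URL)) == pinned_sha256


def run_scenarios(pinned_sha256: str = sha256_hex(GOOD_JAR)) -> Dict[str, tuple]:
    """Return (same_origin_ok, pinned_ok) for three constructed situations."""
    honest = make_repo(GOOD_JAR)
    # Attacker controlling the server swaps the jar and regenerates the .sha1.
    tampered = make_repo(EVIL_JAR)
    # Transfer corruption: artifact truncated, .sha1 still describes the good jar.
    corrupted = make_repo(GOOD_JAR[:10], checksum_of=GOOD_JAR)
    return {
        "honest": (verify_same_origin(honest), verify_pinned(honest, pinned_sha256)),
        "tampered": (verify_same_origin(tampered), verify_pinned(tampered, pinned_sha256)),
        "corrupted": (verify_same_origin(corrupted), verify_pinned(corrupted, pinned_sha256)),
    }


if __name__ == "__main__":
    for name, (same_origin_ok, pinned_ok) in run_scenarios().items():
        print(f"{name:10s} same-origin .sha1 check: {same_origin_ok}  pinned hash: {pinned_ok}")
```

The "tampered" case is the one the comment is about: the server-side checksum check passes because the attacker regenerated it, and only the independently pinned hash fails. The "corrupted" case is the single thing the same-origin check is good for. In real builds the pinned hash corresponds to something like Gradle's dependency verification metadata committed alongside the project, which is checked against what the repository serves rather than trusting the repository's own `.sha1`/`.md5` files.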