I favour the former, as it makes merging upstream libraries easier.
hey guys. i'm just wondering, why in your pack.alpha capsule.clj (https://github.com/juxt/pack.alpha/blob/master/src/mach/pack/alpha/capsule.clj) while assembling an uberjar you calculate SHA-256 for all dependent jars and prepend their names in resulting uberjar with SHA signature?