Update Dependency verification section in ReadMe.md

#KTI-1277

ReadMe.md

@@ -130,17 +130,21 @@ repository for all Gradle builds. Gradle will check hashes (md5 and sha256) of u
 It's expected that `verification-metadata.xml` should only be updated with the commits that modify the build. There are some tips how
 to perform such updates:
 
-- Use auto-generation for getting an initial list of new hashes (verify updates relate to you changes).
+- Delete `components` section of `verification-metadata.xml` to avoid stockpiling of old unused dependencies. You may use the following command:
+```bash
+#macOS
+sed -i '' -e '/<components>/,/<\/components>/d' gradle/verification-metadata.xml
+#Linux & Git for Windows
+sed -i -e '/<components>/,/<\/components>/d' gradle/verification-metadata.xml
+```
+- Re-generate dependencies with Gradle's `--write-verification-metadata` command (verify update relates to your changes)
 
 ```bash
 ./gradlew -i --write-verification-metadata sha256,md5 -Pkotlin.native.enabled=true resolveDependencies
 ```
 
-*(`resolveDependencies` task resolves dependencies for all platforms including dependencies downloaded by plugins)*
+*`resolveDependencies` task resolves dependencies for all platforms including dependencies downloaded by plugins*
 
-- Consider removing old versions from the file if you are updating dependencies.
-- Leave meaningful `origin` attribute (instead of `Generated by Gradle`) if you did some manual verification of the artifact.
-- Always do manual verification if several hashes are needed, and a new `also-trust` tag has to be added.
 - If you’re adding a dependency with OS mentioning in an artifact name (`darwin`, `mac`, `osx`, `linux`, `windows`), remember to add them to 
   `implicitDependencies` configuration or update `resolveDependencies` task if needed. `resolveDependencies` should resolve all dependencies
   including dependencies for different platforms.