[R-pkg-devel] .tar vs. binary builds

Ben Bolker bbolker at gmail.com
Tue Aug 4 01:04:40 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 15-08-03 06:34 PM, Glenn Schultz wrote:
> Hi Ben,

[Please keep the list cc'd in your replies.]

> Thanks for answering so quickly.  Basically, I want to be able to
  distribute the package to users and testers some are on Mac others
  Windows.  I am looking for the best way to do this but for the time
  being there are some classes which should not be extended.  So the
  .tar being source may allow a user to uncompress the source and
  alter and export a class that needs to be protected from change.
  Basically, I want to open source a mortgage and asset backed
  valuation tool but there are certain classes that for now should not
  changed or extended.

I don't know how expert your users are, or what kind of
social/moral/administrative control you have over what they do with
your code. Building binary packages does strip out some information,
but since R is an interpreted language, the information needed to
change/modify/extend the code would still be present for a
sufficiently motivated user.  You will definitely gain some degree of
security/write-protection through obscurity, but not any real
protection.  R can be obfuscated, but it is not designed for being
locked down; if you really need security, the general advice is to
provide a front-end to the users via a server you control.

> Glenn
> 
> Sent from my iPhone
> 
>> On Aug 3, 2015, at 3:43 PM, Ben Bolker <bbolker at gmail.com> 
>> wrote:
>> 
>>>> On 15-08-03 04:31 PM, Glenn Schultz wrote: Hello All,
>>>> 
>>>> I have a package which I would like to distribute.  However, 
>>>> there are some classes that are not exported if I provide a 
>>>> tar file can the user decompress the tar to the source and 
>>>> then export class.  I am thinking the answer is year since 
>>>> the tar is source code. Conversely, a binary build would 
>>>> prohibit this - correct?
>>>> 
>>>> Best Regards, Glenn 
>>>> ______________________________________________ 
>>>> R-package-devel at r-project.org mailing list 
>>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
> 
> Not really clear what your question is.  If you distribute a source
> package/'tarball' (i.e. .tar, typically compressed to .tar.gz) then
> users can install via R CMD INSTALL [...] or within R
> install.packages("...",repos=NULL).  Then they'll have access to 
> everything that is exported via your NAMESPACE file.  Can you be 
> more concrete/specific/clear about what you have in mind?
> 
>> 
>> ______________________________________________ 
>> R-package-devel at r-project.org mailing list 
>> https://stat.ethz.ch/mailman/listinfo/r-package-devel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJVv/OIAAoJEOCV5YRblxUHfiMIAJwlKENYU3a2rj3npiJC59XO
ZxeBVBhDnWGrPN9g+w4pimSFZhJ2QD5+WuyA/SiuLN9vlVjBfzo7VGjRBqDopsmt
7/j1ACfx2Jz2uvnUWmb7IRI2uEBR+yIezuQbY0m6gbzKIrDHT8PYXkNvBnRW1EkA
c2T8C5pPocSCwyKCgqPARoCd16+Va6rzV1aCjuhJHk5tgH8a7IampP4dn9w/coRN
CLzJEWpXhzP+9fhSaG5bdLm3cTgDxybPDwPAvkWFhmmKrd3kpf69jMYUxIkyqgu8
HkLX4BT6s5qvURvmT1DyAY2pztJWaX2Gd3n1aEUze91Du8yq85miiGexWUZTDPc=
=uGhT
-----END PGP SIGNATURE-----



More information about the R-package-devel mailing list