[R-pkg-devel] .tar vs. binary builds

Glenn Schultz glennmschultz at me.com
Tue Aug 4 01:59:24 CEST 2015

Hi Ben,

I get it thanks - feedback very helpful.


On Aug 03, 2015, at 06:06 PM, Ben Bolker <bbolker at gmail.com> wrote:

Hash: SHA1

On 15-08-03 06:34 PM, Glenn Schultz wrote:
Hi Ben,

[Please keep the list cc'd in your replies.]

Thanks for answering so quickly. Basically, I want to be able to
distribute the package to users and testers some are on Mac others
Windows. I am looking for the best way to do this but for the time
being there are some classes which should not be extended. So the
.tar being source may allow a user to uncompress the source and
alter and export a class that needs to be protected from change.
Basically, I want to open source a mortgage and asset backed
valuation tool but there are certain classes that for now should not
changed or extended.

I don't know how expert your users are, or what kind of
social/moral/administrative control you have over what they do with
your code. Building binary packages does strip out some information,
but since R is an interpreted language, the information needed to
change/modify/extend the code would still be present for a
sufficiently motivated user. You will definitely gain some degree of
security/write-protection through obscurity, but not any real
protection. R can be obfuscated, but it is not designed for being
locked down; if you really need security, the general advice is to
provide a front-end to the users via a server you control.


Sent from my iPhone

On Aug 3, 2015, at 3:43 PM, Ben Bolker <bbolker at gmail.com>

On 15-08-03 04:31 PM, Glenn Schultz wrote: Hello All,

I have a package which I would like to distribute. However,
there are some classes that are not exported if I provide a
tar file can the user decompress the tar to the source and
then export class. I am thinking the answer is year since
the tar is source code. Conversely, a binary build would
prohibit this - correct?

Best Regards, Glenn
R-package-devel at r-project.org mailing list

Not really clear what your question is. If you distribute a source
package/'tarball' (i.e. .tar, typically compressed to .tar.gz) then
users can install via R CMD INSTALL [...] or within R
install.packages("...",repos=NULL). Then they'll have access to
everything that is exported via your NAMESPACE file. Can you be
more concrete/specific/clear about what you have in mind?

R-package-devel at r-project.org mailing list

Version: GnuPG v1.4.11 (GNU/Linux)


R-package-devel at r-project.org mailing list

More information about the R-package-devel mailing list