[R-pkg-devel] .tar vs. binary builds

Glenn Schultz glennmschultz at me.com
Tue Aug 4 01:59:24 CEST 2015


Hi Ben,

I get it thanks - feedback very helpful.

-Glenn  

On Aug 03, 2015, at 06:06 PM, Ben Bolker <bbolker at gmail.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 15-08-03 06:34 PM, Glenn Schultz wrote:
Hi Ben,

[Please keep the list cc'd in your replies.]

Thanks for answering so quickly. Basically, I want to be able to
distribute the package to users and testers some are on Mac others
Windows. I am looking for the best way to do this but for the time
being there are some classes which should not be extended. So the
.tar being source may allow a user to uncompress the source and
alter and export a class that needs to be protected from change.
Basically, I want to open source a mortgage and asset backed
valuation tool but there are certain classes that for now should not
changed or extended.

I don't know how expert your users are, or what kind of
social/moral/administrative control you have over what they do with
your code. Building binary packages does strip out some information,
but since R is an interpreted language, the information needed to
change/modify/extend the code would still be present for a
sufficiently motivated user. You will definitely gain some degree of
security/write-protection through obscurity, but not any real
protection. R can be obfuscated, but it is not designed for being
locked down; if you really need security, the general advice is to
provide a front-end to the users via a server you control.

Glenn

Sent from my iPhone

On Aug 3, 2015, at 3:43 PM, Ben Bolker <bbolker at gmail.com>
wrote:

On 15-08-03 04:31 PM, Glenn Schultz wrote: Hello All,

I have a package which I would like to distribute. However,
there are some classes that are not exported if I provide a
tar file can the user decompress the tar to the source and
then export class. I am thinking the answer is year since
the tar is source code. Conversely, a binary build would
prohibit this - correct?

Best Regards, Glenn
______________________________________________
R-package-devel at r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

Not really clear what your question is. If you distribute a source
package/'tarball' (i.e. .tar, typically compressed to .tar.gz) then
users can install via R CMD INSTALL [...] or within R
install.packages("...",repos=NULL). Then they'll have access to
everything that is exported via your NAMESPACE file. Can you be
more concrete/specific/clear about what you have in mind?


______________________________________________
R-package-devel at r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJVv/OIAAoJEOCV5YRblxUHfiMIAJwlKENYU3a2rj3npiJC59XO
ZxeBVBhDnWGrPN9g+w4pimSFZhJ2QD5+WuyA/SiuLN9vlVjBfzo7VGjRBqDopsmt
7/j1ACfx2Jz2uvnUWmb7IRI2uEBR+yIezuQbY0m6gbzKIrDHT8PYXkNvBnRW1EkA
c2T8C5pPocSCwyKCgqPARoCd16+Va6rzV1aCjuhJHk5tgH8a7IampP4dn9w/coRN
CLzJEWpXhzP+9fhSaG5bdLm3cTgDxybPDwPAvkWFhmmKrd3kpf69jMYUxIkyqgu8
HkLX4BT6s5qvURvmT1DyAY2pztJWaX2Gd3n1aEUze91Du8yq85miiGexWUZTDPc=
=uGhT
-----END PGP SIGNATURE-----

______________________________________________
R-package-devel at r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel


More information about the R-package-devel mailing list