[R-pkg-devel] Questions about third-party package distribution, especially with respect to security

Robert Dodier robert.dodier at gmail.com
Sun Sep 17 21:35:53 CEST 2017

Hi, people other than the R developers can create packages which use R
to do interesting things. I gather such packages are mostly
distributed via CRAN, is that right? I am curious to know about the
process for approving such packages.

How much effort goes into reviewing and vetting packages? Is there any
process for approving packages before publication? Have any security
problems ever been encountered in third-party packages? Does the
package distributor make any statements as to guarantees about
security or the lack of them?

The reason I ask these questions is that we are debating package
distribution over in the Maxima project, and I would just like to
check in and see what you have encountered and how it has been
resolved. Thanks for any light you can shed on this topic.


Robert Dodier
Maxima project administrator and developer

More information about the R-package-devel mailing list