[R-pkg-devel] Questions about third-party package distribution, especially with respect to security
robert.dodier at gmail.com
Sun Sep 17 21:35:53 CEST 2017
Hi, people other than the R developers can create packages which use R
to do interesting things. I gather such packages are mostly
distributed via CRAN, is that right? I am curious to know about the
process for approving such packages.
How much effort goes into reviewing and vetting packages? Is there any
process for approving packages before publication? Have any security
problems ever been encountered in third-party packages? Does the
package distributor make any statements as to guarantees about
security or the lack of them?
The reason I ask these questions is that we are debating package
distribution over in the Maxima project, and I would just like to
check in and see what you have encountered and how it has been
resolved. Thanks for any light you can shed on this topic.
Maxima project administrator and developer
More information about the R-package-devel