[R-pkg-devel] Semantic versioning and maintenance releases

[Duncan Murdoch]

On 25/10/2017 2:23 PM, Shivaram Venkataraman wrote:
> Hello
> 
> We have an R package that uses semantic versioning -- i.e. version numbers
> are of the form major_version.minor_version.patch_version
> 
> One of the ways we use the patch_versions is to make maintenance releases
> or security fixes that users can apply without worrying about any
> functionality changes. For example if our users were on 1.6.2 it is often
> easier for them to upgrade to 1.6.3 which has a security fix rather than
> 1.7.0
> 
> On the other hand our development continues towards the next minor version
> and we sometimes have cases where say 1.6.3 is released after 1.7.0.
> 
> While running `R CMD check --as-cran` for version 1.6.3 we find that this
> leads to a warning which looks like 'Insufficient package version (submitted:
> 1.6.3, existing: 1.7.0)'.
> 
> Our question is whether it is okay to upload these maintenance releases to
> CRAN and if there is some way we can mark that the version numbers follow
> semantic versioning.

CRAN won't accept 1.6.3 after 1.7.0 has been published there.  It 
requires version numbers to be increasing.  There's no provision for the 
scheme you're following.

Even if there were, it's not easy for a user to ask to install any 
version but the latest one.  They'd need to work out the URL and 
download the tarball and build it from source.  install.packages() has 
no provision for handling this automatically.

I'd suggest that you put the patch releases for older versions on Github 
or some other repository, and explain how users can install directly 
from there.

Duncan Murdoch