[R-pkg-devel] checksums change after publication on CRAN?

Joris Meys Joris.Meys at ugent.be
Mon Apr 30 18:03:55 CEST 2018

In a discussion of twitter it was pointed out that the checksums of
packages change after publication on CRAN. One example is the Matrix
package version 1.2-12, which was available on CRAN already on nov 17, 2017
but got a different checksum on nov 20, 2017. This caused issues in eg

(see reference here :
https://github.com/easybuilders/easybuild-easyconfigs/pull/6118 )

I went through the Matrix SVN repo, and there is no commit whatsoever that
adds the last line in the DESCRIPTION file. This line reads:

Date/Publication: 2017-11-20 18:57:47 UTC

I wondered how this happens, and it looks like CRAN adds this automatically
days after the source is available for download.

This is suboptimal imho as it would technically mean that you can have two
files of the same package version with different checksums. It leads people
to believe packages on CRAN can be changed without bumping the version
number, and technically that's what it boils down to.

Anyone who knows what's going on there?

Reference to twitter discussion with Kenneth Hoste about this :

Kind regards

Joris Meys
Statistical consultant

Department of Data Analysis and Mathematical Modelling
Ghent University
Coupure Links 653, B-9000 Gent (Belgium)

tel: +32 (0)9 264 61 79
Biowiskundedagen 2017-2018

Disclaimer : http://helpdesk.ugent.be/e-maildisclaimer.php

	[[alternative HTML version deleted]]

More information about the R-package-devel mailing list