[R-pkg-devel] Ensuring permanence and SHA consistency of released CRAN packages for validated software
Borini, Stefano
@te|@no@bor|n| @end|ng |rom @@tr@zenec@@com
Thu Mar 17 10:14:07 CET 2022
If you want to guarantee that a CRAN package can be re-installed years
from now, *you* should be archiving a copy of it.
We do, in fact, but that's beside the point. The success of an opensource project depends on the user base. I don't control the budget of the company I work for, or how that money is allocated. All I can say is that I found an issue and I am reporting it, and it's an issue that in the python world has been dealt with. It does not require more effort. It actually requires less. Just don't rebuild a package that has already been built.
That said, I do have some budget of my own time, which I can use (and in fact I do use) to collaborate with opensource projects during my working hours, but as I don't have the keys to CRAN build system I can't really fix the issue myself.
You may be negligent
by not doing so: there's no guarantee that CRAN will still be
distributing *any* version of MASS when the auditors show up.
As I said, we do, but when you decide to host what is basically the official package index for a language, you acquire some responsibilities (if not contractual, at least moral), regardless if you are an opensource developer or not.
________________________________
AstraZeneca UK Limited is a company incorporated in England and Wales with registered number:03674842 and its registered office at 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA.
This e-mail and its attachments are intended for the above named recipient only and may contain confidential and privileged information. If they have come to you in error, you must not copy or show them to anyone; instead, please reply to this e-mail, highlighting the error to the sender and then immediately delete the message. For information about how AstraZeneca UK Limited and its affiliates may process information, personal data and monitor communications, please see our privacy notice at www.astrazeneca.com<https://www.astrazeneca.com>
More information about the R-package-devel
mailing list