[R-pkg-devel] What to do when a package is archived from CRAN
SHIMA Tatsuya
t@1@1@ndn @end|ng |rom gm@||@com
Sun Aug 27 17:03:06 CEST 2023
Simon,
Thank you for taking a look at this.
> One related issue with respect to CRAN policies that I don't see a
good solution for is that inst/AUTHORS is patently unhelpful, because
most of them say "foo (version ..): foo authors" with no contact, or
real names or any links.
I understand your thoughts, but if we look for the inst/AUTHOURS files
contained in the packages on CRAN, I don't think they always contain the
contact information.
For example, this is from the igraph package.
<https://github.com/cran/igraph/blob/5e22d808f0341fcaa8944fe893c0980000ce7656/inst/AUTHORS>
Also, I have listed the URLs of the dependent crates (the `repository`
field of Cargo.toml) in the LICENSE.note file, so we can see where the
dependent crates are being developed.
Best,
Tatsuya
On 2023/08/27 14:36, Hiroaki Yutani wrote:
> Simon,
>
> Ok, let's take a look at a real example. The first item of
> inst/AUTHORS of prqlr (GitHub version) is this:
>
> addr2line (version 0.20.0):
> addr2line authors
>
> You can find addr2line's owners on crates.io <http://crates.io> [1],
> while its manifest file (Cargo.toml) [2] doesn't contain the names of
> its owners or authors. In Rust's manifest, the "authors" field is
> optional [3] unlike R. You might argue "owners" is not the same as
> "authors," but at least crates.io <http://crates.io> provides the
> names of those who are responsible for the crate.
>
> Let's go back to your question.
>
> > So are you saying you have to use crates.io <http://crates.io> and
> do some extra step during the (misnamed) "vendor" step?
>
> "cargo vendor" doesn't take care of generating the list of authors, so
> it's not "during the vender step." It has to be done separately
> anyway. I was just saying you **can** use crates.io <http://crates.io>
> in that step instead of searching for the authors manually one by one
> (or filling it with "foo authors" when the manifest file doesn't
> contain any names).
>
> That said, I agree with you in general that the Rust community is
> relatively loose about authorship and licensing when compared with R.
> I don't think it's necessarily a problem, but the impedance mismatch
> is a headache. I was just trying to point out this part of your opinion
>
> > the Rust community as there doesn't seem to be any accountability
> with respect to ownership and attribution.
>
> was not quite true. I hope the R community and the Rust community have
> respect for each other.
>
> Best,
> Yutani
>
> [1]: https://crates.io/crates/addr2line
> [2]: https://github.com/gimli-rs/addr2line/blob/0.20.0/Cargo.toml
> [3]:
> https://doc.rust-lang.org/cargo/reference/manifest.html#the-authors-field
>
>
> 2023年8月27日(日) 12:07 Simon Urbanek <simon.urbanek using r-project.org>:
>
> Yutani,
>
>
>> On Aug 27, 2023, at 2:19 PM, Hiroaki Yutani
>> <yutani.ini using gmail.com> wrote:
>>
>> Simon,
>>
>> > it's assumed that GitHub history is the canonical source with
>> the provenance, but that gets lost when pulled into the package.
>>
>> No, not GitHub. You can usually find the ownership on crates.io
>> <http://crates.io/>. So, if you want a target to blame, it's
>> probably just a problem of the script to auto-generate
>> inst/AUTHORS in this specific case. But, clearly, Rust's
>> ecosystem works soundly under the existence of crates.io
>> <http://crates.io/>, so I think this is the same kind of pain
>> which you would feel if you use R without CRAN.
>>
>
> Can you elaborate? I have not found anything that would have a
> list of authors in the sources. I fully agree that I know nothing
> about it, but even if you use R without CRAN, each package
> contains that information in the DESCRIPTION file since it's so
> crucial. So are you saying you have to use crates.io
> <http://crates.io> and do some extra step during the (misnamed)
> "vendor" step? (I didn't see the submitted tar ball of plqrl and
> its release on GitHub is not the actual package so can't check -
> thus just trying reverse-engineer what happens by looking at the
> dependencies which leads to GitHub).
>
>
>> Sorry for nitpicking.
>>
>
> Sure, good to get the fact straight.
>
> Cheers,
> Simon
>
>
>
>> Best,
>> Yutani
>>
>> 2023年8月27日(日) 6:57 Simon Urbanek <simon.urbanek using r-project.org>:
>>
>> Tatsuya,
>>
>> What you do is contact CRAN. I don't think anyone here can
>> answer your question, only CRAN can, so ask there.
>>
>> Generally, packages with sufficiently many Rust dependencies
>> have to be handled manually as they break the size limit, so
>> auto-rejections are normal. Archival is unusual, but it may
>> have fallen through the cracks - but the way to find out is
>> to ask.
>>
>> One related issue with respect to CRAN policies that I don't
>> see a good solution for is that inst/AUTHORS is patently
>> unhelpful, because most of them say "foo (version ..): foo
>> authors" with no contact, or real names or any links. That
>> seems to be a problem stemming from the Rust community as
>> there doesn't seem to be any accountability with respect to
>> ownership and attribution. I don't know if it's because it's
>> assumed that GitHub history is the canonical source with the
>> provenance, but that gets lost when pulled into the package.
>>
>> Cheers,
>> Simon
>>
>> PS: Your README says "(Rust 1.65 or later)", but the version
>> condition is missing from SystemRequirements.
>>
>>
>> > On Aug 26, 2023, at 2:46 PM, SHIMA Tatsuya
>> <ts1s1andn using gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > I noticed that my submitted package `prqlr` 0.5.0 was
>> archived from CRAN on 2023-08-19.
>> > <https://CRAN.R-project.org/package=prqlr
>> <https://cran.r-project.org/package=prqlr>>
>> >
>> > I submitted prqlr 0.5.0 on 2023-08-13. I believe I have
>> since only received word from CRAN that it passed the
>> automated release process.
>> <https://github.com/eitsupi/prqlr/pull/161>
>> > So I was very surprised to find out after I returned from
>> my trip that this was archived.
>> >
>> > The CRAN page says "Archived on 2023-08-19 for policy
>> violation. " but I don't know what exactly was the problem.
>> > I have no idea what more to fix as I believe I have solved
>> all the problems when I submitted 0.5.0.
>> >
>> > Is there any way to know what exactly was the problem?
>> > (I thought I sent an e-mail to CRAN 5 days ago but have not
>> yet received an answer, so I decided to ask my question on
>> this mailing list, thinking that there is a possibility that
>> there will be no answer to my e-mail, although I may have to
>> wait a few weeks for an answer. My apologies if this idea is
>> incorrect.)
>> >
>> > Best,
>> > Tatsuya
>> >
>> > ______________________________________________
>> > R-package-devel using r-project.org mailing list
>> > https://stat.ethz.ch/mailman/listinfo/r-package-devel
>> >
>>
>> ______________________________________________
>> R-package-devel using r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>>
>
[[alternative HTML version deleted]]
More information about the R-package-devel
mailing list