[R-pkg-devel] What to do when a package is archived from CRAN

SHIMA Tatsuya t@1@1@ndn @end|ng |rom gm@||@com
Sun Aug 27 17:17:01 CEST 2023 

Hi Ivan, thanks for taking the time to look at all the details of this.

 > You licensed the package as MIT. Are your dependencies compatible 
with MIT? All direct dependencies of your Rust code seem to be licensed 
under either MIT or Apache-2.0, which seems to be compatible.

I am not a legal expert, but as you have seen all of prqlr's dependent crates are compatible with the MIT license, and I interpret this to mean that there is no problem distributing anything containing them under the MIT license.

 > You named the copyright holder of your package as "prqlr authors", 
which may be a problem. (I think I saw it somewhere that for MIT 
license, CRAN prefers the copyright holder to be some kind of legal 
entity: either the legal name of a person, or a company, or something 
like that.)

I believe some popular R packages (e.g. dplyr) use this notation.

In the first submission of prqlr 0.5.0, CRAN pointed out that the role 
of "The authors of the dependency Rust crates" should be changed to 
author, but nothing else was pointed out.

Best,
Tatsuya

On 2023/08/27 6:22, Ivan Krylov wrote:
> On Sat, 26 Aug 2023 11:46:44 +0900
> SHIMA Tatsuya<ts1s1andn using gmail.com>  wrote:
>
>> I noticed that my submitted package `prqlr` 0.5.0 was archived from
>> CRAN on 2023-08-19.
>> <https://CRAN.R-project.org/package=prqlr>
>>
>> I submitted prqlr 0.5.0 on 2023-08-13. I believe I have since only
>> received word from CRAN that it passed the automated release process.
> Sarah gave a good guess (although there are CRAN packages containing
> C++ and Rust code with NOTEs about size of their libs, 18.2Mb is still
> a lot), though I do find it strange that you didn't receive anything
> from CRAN prior to having your package archived. I don't think I ever
> had problems with e-mails being delivered from CRAN to GMail, but we
> can't rule that out.
>
> You've obviously made an effort to follow the Rust policy, and I don't
> see any obvious problems with this part of the package, although I
> haven't tried it myself to verify the installation working offline from
> bundled source code.
>
> You've also made an effort to list all the authors of the code
> comprising your package in inst/AUTHORS, which is the right thing to do
> to avoid making the list of authors in DESCRIPTION long enough to be
> unreadable.
>
> You licensed the package as MIT. Are your dependencies compatible with
> MIT? All direct dependencies of your Rust code seem to be licensed
> under either MIT or Apache-2.0, which seems to be compatible. You named
> the copyright holder of your package as "prqlr authors", which may be a
> problem. (I think I saw it somewhere that for MIT license, CRAN prefers
> the copyright holder to be some kind of legal entity: either the legal
> name of a person, or a company, or something like that.)
>
> Could the Rust code or any of the dependencies accidentally write under
> the user's home directory or take over the terminal or something like
> that?
>
> We might need a response from CRAN after all.
>
	[[alternative HTML version deleted]]

More information about the R-package-devel mailing list