[R-pkg-devel] What to do when a package is archived from CRAN

SHIMA Tatsuya t@1@1@ndn @end|ng |rom gm@||@com
Sun Aug 27 17:28:30 CEST 2023 

Hi Tim, thank you for sharing this information. i didn't know this.

If this is the cause, the problem seems to have been resolved in the 
latest serde <https://github.com/serde-rs/serde/pull/2590>, so it seems 
to be possible to deal with it.

Best,
Tatsuya

On 2023/08/27 20:24, Tim Taylor wrote:
> Could you have been caught out with the precompiled binary that serde 
> started distributing in a few of it’s versions 
> (https://github.com/serde-rs/serde/issues/2538)? That could have been 
> a reason if you pinned a version with it present but only CRAN could 
> confirm if that was the reason.
>
> Tim
>
>> On 26 Aug 2023, at 22:22, Ivan Krylov <krylov.r00t using gmail.com> wrote:
>>
>> On Sat, 26 Aug 2023 11:46:44 +0900
>> SHIMA Tatsuya <ts1s1andn using gmail.com> wrote:
>>
>>> I noticed that my submitted package `prqlr` 0.5.0 was archived from
>>> CRAN on 2023-08-19.
>>> <https://CRAN.R-project.org/package=prqlr>
>>>
>>> I submitted prqlr 0.5.0 on 2023-08-13. I believe I have since only
>>> received word from CRAN that it passed the automated release process.
>>
>> Sarah gave a good guess (although there are CRAN packages containing
>> C++ and Rust code with NOTEs about size of their libs, 18.2Mb is still
>> a lot), though I do find it strange that you didn't receive anything
>> from CRAN prior to having your package archived. I don't think I ever
>> had problems with e-mails being delivered from CRAN to GMail, but we
>> can't rule that out.
>>
>> You've obviously made an effort to follow the Rust policy, and I don't
>> see any obvious problems with this part of the package, although I
>> haven't tried it myself to verify the installation working offline from
>> bundled source code.
>>
>> You've also made an effort to list all the authors of the code
>> comprising your package in inst/AUTHORS, which is the right thing to do
>> to avoid making the list of authors in DESCRIPTION long enough to be
>> unreadable.
>>
>> You licensed the package as MIT. Are your dependencies compatible with
>> MIT? All direct dependencies of your Rust code seem to be licensed
>> under either MIT or Apache-2.0, which seems to be compatible. You named
>> the copyright holder of your package as "prqlr authors", which may be a
>> problem. (I think I saw it somewhere that for MIT license, CRAN prefers
>> the copyright holder to be some kind of legal entity: either the legal
>> name of a person, or a company, or something like that.)
>>
>> Could the Rust code or any of the dependencies accidentally write under
>> the user's home directory or take over the terminal or something like
>> that?
>>
>> We might need a response from CRAN after all.
>>
>> -- 
>> Best regards,
>> Ivan
>>
>> ______________________________________________
>> R-package-devel using r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-package-devel

More information about the R-package-devel mailing list