[R-pkg-devel] What to do when a package is archived from CRAN

Uwe Ligges ||gge@ @end|ng |rom @t@t|@t|k@tu-dortmund@de
Mon Aug 28 10:24:47 CEST 2023 

Friends,

CRAN wrote initially to some rust using maintainers:

The CRAN policy on authorship/copyright is very clear:

"(’All components’ includes any downloaded at installation or during use.) "

Please explain how your package complies if you believe it does.

Further, we ask that you use the 'cargo vendor' mechanism to avoid 
downloading during installation and limit the number of CPUs 'cargo 
build' can use during installation.  Both points are covered in 
<https://cran.r-project.org/web/packages/using_rust.html>."




Accepting a package that downloads crates from github happened 
automatically, but incorrectly (a false negative):
All the correspondence we see claims that the submission had bundled the 
rust code, but the version that got archived after publication was 104KB 
and did not.

So please simply follow the mails you got and fix the package folwing 
the "using_rust" documentation.

In addition, it was mentined already to get the authorship straight.

Best,
Uwe Ligges







On 27.08.2023 17:28, SHIMA Tatsuya wrote:
> Hi Tim, thank you for sharing this information. i didn't know this.
> 
> If this is the cause, the problem seems to have been resolved in the 
> latest serde <https://github.com/serde-rs/serde/pull/2590>, so it seems 
> to be possible to deal with it.
> 
> Best,
> Tatsuya
> 
> On 2023/08/27 20:24, Tim Taylor wrote:
>> Could you have been caught out with the precompiled binary that serde 
>> started distributing in a few of it’s versions 
>> (https://github.com/serde-rs/serde/issues/2538)? That could have been 
>> a reason if you pinned a version with it present but only CRAN could 
>> confirm if that was the reason.
>>
>> Tim
>>
>>> On 26 Aug 2023, at 22:22, Ivan Krylov <krylov.r00t using gmail.com> wrote:
>>>
>>> On Sat, 26 Aug 2023 11:46:44 +0900
>>> SHIMA Tatsuya <ts1s1andn using gmail.com> wrote:
>>>
>>>> I noticed that my submitted package `prqlr` 0.5.0 was archived from
>>>> CRAN on 2023-08-19.
>>>> <https://CRAN.R-project.org/package=prqlr>
>>>>
>>>> I submitted prqlr 0.5.0 on 2023-08-13. I believe I have since only
>>>> received word from CRAN that it passed the automated release process.
>>>
>>> Sarah gave a good guess (although there are CRAN packages containing
>>> C++ and Rust code with NOTEs about size of their libs, 18.2Mb is still
>>> a lot), though I do find it strange that you didn't receive anything
>>> from CRAN prior to having your package archived. I don't think I ever
>>> had problems with e-mails being delivered from CRAN to GMail, but we
>>> can't rule that out.
>>>
>>> You've obviously made an effort to follow the Rust policy, and I don't
>>> see any obvious problems with this part of the package, although I
>>> haven't tried it myself to verify the installation working offline from
>>> bundled source code.
>>>
>>> You've also made an effort to list all the authors of the code
>>> comprising your package in inst/AUTHORS, which is the right thing to do
>>> to avoid making the list of authors in DESCRIPTION long enough to be
>>> unreadable.
>>>
>>> You licensed the package as MIT. Are your dependencies compatible with
>>> MIT? All direct dependencies of your Rust code seem to be licensed
>>> under either MIT or Apache-2.0, which seems to be compatible. You named
>>> the copyright holder of your package as "prqlr authors", which may be a
>>> problem. (I think I saw it somewhere that for MIT license, CRAN prefers
>>> the copyright holder to be some kind of legal entity: either the legal
>>> name of a person, or a company, or something like that.)
>>>
>>> Could the Rust code or any of the dependencies accidentally write under
>>> the user's home directory or take over the terminal or something like
>>> that?
>>>
>>> We might need a response from CRAN after all.
>>>
>>> -- 
>>> Best regards,
>>> Ivan
>>>
>>> ______________________________________________
>>> R-package-devel using r-project.org mailing list
>>> https://stat.ethz.ch/mailman/listinfo/r-package-devel
> 
> ______________________________________________
> R-package-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel

More information about the R-package-devel mailing list