[R-sig-Debian] Regarding R_LIBS_USER
Pavel Krivitsky
pavel at uow.edu.au
Thu Jul 6 07:03:44 CEST 2017
Hello,
I just subscribed to the list to join the discussion after being
blindsided by the change and reading Dirk Eddelbuettel's reply to my
bug report at https://bugs.debian.org/866768 .
As far as I can tell the advantages of site library are:
1. Saves disk space and a little bit of user time spent installing and
upgrading.
2. Other Debian package manages, like pip, default to trying to install
to a site library.
However, it seems to me that the case for status quo ante is stronger,
even if the jarring behaviour (asking user whether to create a personal
directory, then failing to do so) is fixed:
1. Correct me if I am wrong, but wouldn't the change make the default
behaviour of R on Debian different from its default behaviour on
other distributions?
2. Site library has no benefit over user library on a single-user
system.
3. Making the site library writeable by default is a severe security
vulnerability, since it enables users to rewrite library code that
will be blindly executed by other users on the system.
4. Making the site library not-writeable by default means that users
relying on site library need to contact an administrator to get a
package installed or upgraded. This seems to me to largely defeat
the benefit of a site library for most systems, since most users
aren't so patient and would just figure out how to use a user
library.
5. The use case where defaulting to installing to site library is most
beneficial---a system shared by few trusted users---is rare compared
to the single-user and the many-untrusted-user systems.
6. There are workarounds, and, indeed, users can always use user
libraries, but the new setup puts the burden of tweaking the system
on the *least skilled* users, whereas the old setup Just Worked for
them (since R 2.5.0).
7. Even in Python and others, the user library takes precedence over
the site library (which, in turn, takes precedence over the dpkg-
installed library). This means that .libPaths() should have the user
library (if it exists) in first position, not as a fallback.
So, overall, I think the change does more harm than good. Am I missing anything?
Best Regards,
Pavel
--
Pavel Krivitsky
Lecturer in Statistics
National Institute of Applied Statistics Research Australia (NIASRA)
School of Mathematics and Applied Statistics | Building 39C Room 154
University of Wollongong NSW 2522 Australia
T +61 2 4221 3713
Web (NIASRA): http://niasra.uow.edu.au/index.html
Web (Personal): http://www.krivitsky.net/research
ORCID: 0000-0002-9101-3362
NOTICE: This email is intended for the addressee named and may contain
confidential information. If you are not the intended recipient, please
delete it and notify the sender. Please consider the environment before
printing this email.
More information about the R-SIG-Debian
mailing list