Re: [R-pkg-devel] Ensuring permanence and SHA consistency of released CRAN packages for validated software

2022-03-21 Thread Borini, Stefano
CRAN rebuilds binary packages because of (potential) changes in build-time dependencies. ABI changes, in the loose sense of the term. E.g. package A can call the shared library of another package B. If the ABI of B changes, then you need to rebuild A. AFAICT packages are rebuilt frequently and

Re: [R-pkg-devel] Ensuring permanence and SHA consistency of released CRAN packages for validated software

2022-03-17 Thread Borini, Stefano
Then I argue that the model is wrong. Platforms change all the time, but package release and package testing are two separate operations. I also guess it hardly scales. If the number of packages were to increase, you can’t rebuild and retest them all every time a Linux distribution changes

Re: [R-pkg-devel] Ensuring permanence and SHA consistency of released CRAN packages for validated software

2022-03-16 Thread Dirk Eddelbuettel
On 16 March 2022 at 14:01, Henrik Bengtsson wrote:
| Related to this, there's also been discussion (here or on R-devel), of
| having `R CMD build` produce identical tarballs when the input doesn't
| change, but the injection of `Packaged: ; ` to the
| `DESCRIPTION` file prevents this. If I

Re: [R-pkg-devel] Ensuring permanence and SHA consistency of released CRAN packages for validated software

2022-03-16 Thread Duncan Murdoch
On 16/03/2022 5:01 p.m., Henrik Bengtsson wrote: Hi, I think this is a valid concern and feature request, and I believe it has been raised by others previously on one of our mailing lists. And what solution or resources for producing one did they offer? Here's a trivial solution that could

[R-pkg-devel] Ensuring permanence and SHA consistency of released CRAN packages for validated software

2022-03-16 Thread Borini, Stefano
Hello, Validated software needs to ensure consistency and reproducibility of its environment, potentially in years' time, when the audit comes. For this reason, we identify all SHA of the packages we download from CRAN to ensure that the package has not changed after the fact, something that