On 03/10/2014 04:42 PM, Gábor Csárdi wrote: > On Mon, Mar 10, 2014 at 11:36 AM, Hadley Wickham <h.wick...@gmail.com>wrote: > >>>>> * checking CRAN incoming feasibility ... NOTE >>>>> Maintainer: 'firstname A B lastname ' >>> >>> >>> This is just a Note that reminds CRAN maintainers to check that the >>> submission comes actually from his maintainer and not anybody else. >> >> How does CRAN do that? Seems like a challenging problem given an >> anonymous web form upload. >> > > According to my memories, they send an email to the maintainer's email > address to confirm the upload. If the email address has changed, they send > an email to both the new and old addresses. > > If the old address does not exist any more, then it is tricky indeed, and I > am not sure what you can do in this case. > > Gabor
Besides the effort it would involve, are there reasons why CRAN does not use a stronger package author identification mechanism, like web of trust (which debian uses) or public key infrastructure, and require packages to be signed? > > >> >> Hadley >> >> -- >> http://had.co.nz/ >> >> ______________________________________________ >> R-devel@r-project.org mailing list >> https://stat.ethz.ch/mailman/listinfo/r-devel >> > > [[alternative HTML version deleted]] > > ______________________________________________ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel > -- Edzer Pebesma Institute for Geoinformatics (ifgi), University of Münster Heisenbergstraße 2, 48149 Münster, Germany. Phone: +49 251 83 33081 http://ifgi.uni-muenster.de GPG key ID 0xAC227795
signature.asc
Description: OpenPGP digital signature
______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel