Hi Uwe, thanks for the summary of the background.
Let me ask you a few questions about a couple of points.

> Accepting a package that downloads crates from github

I don't think prqlr 0.5.0 downloads crates on GitHub.
prqlr <= 0.4.0 used a crate on GitHub, which I patched to support old Rust on Debian <https://github.com/PRQL/prql/pull/1561>, but with 0.5.0 I switched to installing from crates.io completely. (This was made possible because Debian recently upgraded Rust for the first time in six months.)

> All the correspondence we see claims that the submission had bundled the rust code, but the version that got archived after publication was 104KB and did not.

I am aware that in the first submission of prqlr 0.5.0, the size of the source was 12MB due to the vendoring of all Rust dependent crates, and CRAN pointed out the size of 12MB as a reason for rejection. That is why in my second submission I wrote the following comment that I had removed the vendoring tarball.

> To reduce package size on CRAN, it does not vendor dependent Rust crates.

https://github.com/eitsupi/prqlr/pull/161/commits/9aba66647fa5e48da0a5983643a4df001721b3f7#diff-cf8c1cd4cfb6a9ceb5ba522a5711321831948fea41fbb0cd9f799506c7caca1bR22-R27

In other words, I did not claim to have bundled the Rust code.
And that second submission was accepted by CRAN and I have not received any further messages from CRAN.

I am aware that the CRAN policy says that we can ask CRAN for permission to download from the internet.
I intended to ask for that in this comment.

If I am doing this wrong, what should I do?

Thanks for reading this.

Best,
Tatsuya

On 2023/08/28 17:24, Uwe Ligges wrote:
Friends,

CRAN wrote initially to some rust using maintainers:

The CRAN policy on authorship/copyright is very clear:

"(’All components’ includes any downloaded at installation or during use.) "

Please explain how your package complies if you believe it does.

Further, we ask that you use the 'cargo vendor' mechanism to avoid downloading during installation and limit the number of CPUs 'cargo build' can use during installation.  Both points are covered in <https://cran.r-project.org/web/packages/using_rust.html>."




Accepting a package that downloads crates from github happened automatically, but incorrectly (a false negative): All the correspondence we see claims that the submission had bundled the rust code, but the version that got archived after publication was 104KB and did not.

So please simply follow the mails you got and fix the package following the "using_rust" documentation.

In addition, it was mentioned already to get the authorship straight.

Best,
Uwe Ligges







On 27.08.2023 17:28, SHIMA Tatsuya wrote:
Hi Tim, thank you for sharing this information. I didn't know this.

If this is the cause, the problem seems to have been resolved in the latest serde <https://github.com/serde-rs/serde/pull/2590>, so it seems to be possible to deal with it.

Best,
Tatsuya

On 2023/08/27 20:24, Tim Taylor wrote:
Could you have been caught out with the precompiled binary that serde started distributing in a few of its versions (https://github.com/serde-rs/serde/issues/2538)? That could have been a reason if you pinned a version with it present but only CRAN could confirm if that was the reason.

Tim

On 26 Aug 2023, at 22:22, Ivan Krylov <krylov.r...@gmail.com> wrote:

On Sat, 26 Aug 2023 11:46:44 +0900
SHIMA Tatsuya <ts1s1a...@gmail.com> wrote:

I noticed that my submitted package `prqlr` 0.5.0 was archived from
CRAN on 2023-08-19.
<https://CRAN.R-project.org/package=prqlr>

I submitted prqlr 0.5.0 on 2023-08-13. I believe I have since only
received word from CRAN that it passed the automated release process.

Sarah gave a good guess (although there are CRAN packages containing
C++ and Rust code with NOTEs about size of their libs, 18.2Mb is still
a lot), though I do find it strange that you didn't receive anything
from CRAN prior to having your package archived. I don't think I ever
had problems with e-mails being delivered from CRAN to GMail, but we
can't rule that out.

You've obviously made an effort to follow the Rust policy, and I don't
see any obvious problems with this part of the package, although I
haven't tried it myself to verify the installation working offline from
bundled source code.

You've also made an effort to list all the authors of the code
comprising your package in inst/AUTHORS, which is the right thing to do
to avoid making the list of authors in DESCRIPTION long enough to be
unreadable.

You licensed the package as MIT. Are your dependencies compatible with
MIT? All direct dependencies of your Rust code seem to be licensed
under either MIT or Apache-2.0, which seems to be compatible. You named the copyright holder of your package as "prqlr authors", which may be a problem. (I think I saw it somewhere that for MIT license, CRAN prefers
the copyright holder to be some kind of legal entity: either the legal
name of a person, or a company, or something like that.)

Could the Rust code or any of the dependencies accidentally write under
the user's home directory or take over the terminal or something like
that?

We might need a response from CRAN after all.

--
Best regards,
Ivan

______________________________________________
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel
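
The thread turns on whether a package's crates come from crates.io or from a git repository on GitHub. The following is an added example, not part of the original messages or of prqlr: a small audit of `Cargo.lock` `source` fields. The sample lock file, crate names and commit id are constructed. Note that the crates.io index URL itself contains `github.com`, so a plain text search for "github" misclassifies ordinary registry crates.

```python
import re

# Constructed Cargo.lock excerpt (crate names and commit id are made up).
SAMPLE_LOCK = '''\
version = 3

[[package]]
name = "example-core"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000000000000000000000000000000000000000000000000000000000000000"

[[package]]
name = "example-patched"
version = "0.2.0"
source = "git+https://github.com/example/example-patched?branch=old-rust#0123456789abcdef0123456789abcdef01234567"

[[package]]
name = "example-rpkg"
version = "0.5.0"
dependencies = [
 "example-core",
 "example-patched",
]
'''

CRATES_IO = "registry+https://github.com/rust-lang/crates.io-index"

def audit_lock(text):
    """Return {"name version": category} for every [[package]] entry."""
    result = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        src = re.search(r'^source = "([^"]+)"', block, re.M)
        if src is None:
            category = "local"           # path/workspace crate, no external source
        elif src.group(1) == CRATES_IO:
            category = "crates.io"       # registry crate despite the github.com URL
        elif src.group(1).startswith("git+"):
            category = "git"             # fetched from a git repository
        else:
            category = "other-registry"
        result[f"{name} {version}"] = category
    return result

def git_sourced(text):
    """Sorted list of crates whose lock entry points at a git repository."""
    return sorted(k for k, c in audit_lock(text).items() if c == "git")
```
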
