benschneider,

After days of headaches with hard-to-reproduce checks, I really couldn't agree more with the points made here by @omearabrian

https://brianomeara.info/posts/phylotasticruniverse/

eddelbuettel,
@eddelbuettel@mastodon.social avatar

@benschneider @omearabrian

"Math is hard, let's go shopping."

CRAN does an insanely valuable job curating packages along with interoperability. Does it irritate us package authors once in a while? Sure. Does it provide unparalleled guarantees that code "just works"? Pretty much, and as we get that nowhere else I remain a fan. By all means try decamping to "looser" setups if they seem more attractive to you. But in the long run ... quality matters. As does QA.

omearabrian,

@eddelbuettel @benschneider Any repository needs sensible accession and de-accession policies. Any books coming in must be on acid-free paper; oops, beetles are eating that book, it's too risky to keep.

CRAN's intake policies are quirky (≤5 MB?) but fine. But its de-accession policies eliminate guarantees that code just works. If standards change, authors have a few weeks to update or install.packages() will fail. Then pkgs that depend on them will fail.

1/2

omearabrian,

@eddelbuettel @benschneider For example, one of our packages had no issues on Mac, Windows, Linux, R-devel, R-patched, R-release, & R-oldrel. But if compiled with -Wlto-type-mismatch, it had an error

So it was booted from CRAN. Users who couldn't compile it couldn't use it. Its quality was identical to what it was when it was put on CRAN, no security issues, but unavailable

It's like a library tossing a book in all languages b/c a new translation to Klingon could have errors

2/2

geospacedman,
@geospacedman@mastodon.social avatar

@omearabrian @eddelbuettel @benschneider What do you suggest? Let Linux, Mac, and Windows get mypackage-2.0 but Solaris users get mypackage-1.0 until you fix the Solaris problem? But now different OS users have different code, and all that lovely consistency CRAN gives us is gone. Now people wanting to use mypackage or depend on it have two possible versions to support. Stuff breaks. This is not the CRAN way. 1/2

geospacedman,
@geospacedman@mastodon.social avatar

@omearabrian @eddelbuettel @benschneider ...and don't say "Solaris is a minority OS", because it could well be a problem with Linux vs Windows. Imagine my Windows users getting v1.0 and Linux users getting v2.0. From CRAN. When doing the its-worked-for-20-years install.packages("mypackage"). Feel free to use R-universe (I do, for dev things) but enjoy fixing dependency bugs. 2/2

hrbrmstr,
@hrbrmstr@mastodon.social avatar

@geospacedman @omearabrian @eddelbuettel @benschneider @keyboardpipette Any shop not doing their own dependency testing (incl. revdep) is negligent. Nobody should trust unaccountable gatekeepers for anything. I don't care how solid they were 20 years ago.

geospacedman,
@geospacedman@mastodon.social avatar

@hrbrmstr @omearabrian @eddelbuettel @benschneider @keyboardpipette and their own security testing, code review, bug fixing... At that point you don't want to be using other people's code at all.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • ngwrru68w68
  • DreamBathrooms
  • tacticalgear
  • mdbf
  • InstantRegret
  • magazineikmin
  • Youngstown
  • thenastyranch
  • rosin
  • slotface
  • Durango
  • cubers
  • kavyap
  • cisconetworking
  • JUstTest
  • GTA5RPClips
  • modclub
  • tester
  • khanakhh
  • everett
  • provamag3
  • osvaldo12
  • Leos
  • normalnudes
  • ethstaker
  • megavids
  • anitta
  • lostlight
  • All magazines
    •