@andrie As someone who's been thinking about learning #rustlang specifically for use in #RStats packages (but who has not yet done so and thus isn't sure about what things in this post mean)... how chilling is this? Does this make it really hard to use Rust, slightly hard, or is this just best practice anyway?
@brodriguesco@jonthegeek I've used just enough Rust to be able to write some apps, but haven't yet used Rust inside an R package of my own.
That said, the policy seems reasonable to me. Somebody who might have a strong view on this is @josiah , author of the {valve} package that wraps Rust.
@brodriguesco@jonthegeek@andrie it makes it almost impossible to publish rust based packages on CRAN. Polars will never be on CRAN with this policy. This is like saying you have to include the source code for all R packages you depend upon (and their deps) inside the tarball of your R package. It’s 100% unreasonable and untenable
@jonthegeek@brodriguesco@andrie another way of thinking about this is like not being able to get your dependencies from CRAN and having CRAN handle them. They’re essentially saying they will not use the Rust package manager
@jonthegeek@brodriguesco@andrie they can, though, choose to vendor their own “trusted” cargo crates but that would be silly. A better solution would be to only allow crates directly from crates.io limiting what internet conns are available during build time (which I think they already do?)
@jonthegeek@brodriguesco@andrie at the end of the day this is a bad move for the health and longevity of R as a language. Rust in R packages will be as revolutionary, if not more, than Rcpp is/was.
@josiah@jonthegeek@brodriguesco@andrie FYI, prqlr, one of the package currently on CRAN that contains the Rust source code, has only very simple functionality, but when bundled with the Rust dependencies, its size is 12 MB even at the highest level of compression and does not fit within the 10 MB limit.
@josiah@jonthegeek@andrie@brodriguesco Yep. It seems weird. One should be able to install the underlying software using the normal process supported by the language. For rust, that's installing the dependencies (crates) from the web. Just because rust uses a different repository structure than CRAN, doesn't mean its bad.
@josiah@jonthegeek@andrie@brodriguesco
That's not entirely true. For example openSUSE build service builds packages for openSUSE Linux distribution in an offline environment. No matter if it's Rust or Go, it cannot download dependencies from the internet during build time. Using "cargo vendor" or "go vendor" is normal in such places.
@andrie@jonthegeek@etam@brodriguesco “Source package tarballs should if possible not exceed 10MB” is the part of the CRAN policy that makes this reallyyyy challenging
@heaths@jonthegeek@andrie that indeed surprised me, but I guess the issue is that there’s no long term archive of any code. So if a repo gets deleted, it’s over. I guess that might be the issue?
Add comment