В Tue, 16 Jan 2024 08:47:07 +0000
David Hugh-Jones <davidhughjo...@gmail.com> пишет:

> If I understand correctly, the current procedure is that the client
> downloads every package name from CRAN, and then checks its name is
> unique.

This is not the only check that relies on utils::available.packages().

In particular, strong dependencies are ensured to be present in
mainstream repositories, and the whole strong dependency tree is checked
for packages with FOSS licenses to ensure that their dependencies do not
restrict use.

Additional checks require even more files:

 - src/contrib/PACKAGES.in is checked for CRAN notes on packages
 - src/contrib/Meta/archive.rds is also checked for potential name
   collisions, case-insensitively.
 - src/contrib/Meta/current.rds is checked together with archive.rds
   for update frequency
 - web/packages/packages.rds is checked for maintainer changes

> Wouldn’t it be faster (for both parties) to check name uniqueness
> directly on the server?

The current scheme, if somewhat wasteful, makes it possible to run R
CMD check with any CRAN mirror without making it run any code server
side. (With the small exception of .htaccess to rewrite some paths, but
that should be translatable for other servers like nginx too.)

It's probably not impossible to transmit only data related to the
current package while keeping this property, but recursive dependency
checks in particular will not be easy. I think it's not worth the

Best regards,

R-package-devel@r-project.org mailing list

Reply via email to