pharmaR / regulatory-r-repo-wg

Package consensus for regulated industries
https://pharmar.github.io/regulatory-r-repo-wg

Key challenge: Scaling trust? #38

Closed dgkf closed 1 year ago

dgkf commented 1 year ago

Discussed in https://github.com/pharmaR/regulatory-r-repo-wg/discussions/8

Migrated following decision in #20

Originally posted by **kkmann** November 16, 2022

Dear all, just sketching a few high-level thoughts here.

To me, a regulatory-ready repository is essentially about scaling trust. Both in terms of leveraging trust in other individuals'/organisations' assessment of quality and in terms of distributing the burden of QC on as many shoulders as possible. This is necessary to enable both high quality trusted but also up-to-date R package repositories. The benefit to each org is then clear: a risk-based assessment of packages from such a trusted source should lead to the lowest (internal) risk assessment and thus basically be trusted after maybe a quick technical integration check (running vignettes/tests or something like this).

Both technical approaches (CI/CD) and manual (peer review a la rOpenSci) methods could contribute to this. The right mixture depends on the quality / speed trade-off. For instance, one could require a thorough peer review for new packages; a refresher for every new major version and otherwise stick to technical assessments of metainformation (health checks / riskmetrics).

An interesting issue is always the handling of dependencies that are not of primary interest to the repository but core dependencies to packages thereof.

kkmann commented 1 year ago

I don't think this is actionable right now, closing.