But has a host of complexities, as previously discussed:
Yes, lots of thoughts. Here's a few:
I think at bare minimum we should consider only showing assessments that are produced by the pkg_cran_remote source. Perhaps we capture the source for each assessment and only show the metric if the source matches available/expected sources. We could also expand the metric table in the assessment information section to offer transparency on all riskmetric assessments and which sources provide them. Perhaps adding a footnote with a link to that table would be helpful.
While it is possible to combine assessments from multiple sources, it comes with a host of problems. I personally would only consider it as a last resort. Also, running assessments on the untarred source presents it own problems. The assessments missing from the CRAN source will run code which poses a problem for the app which may not have the needed dependency packages available.
Long term I think we need to figure out how to allow users to create assessments based on the pkg_install and pkg_source sources. The main issue with these sources is that the environment needs to be able to handle them. For instance, the code coverage assessment is only available when assessing the source code of a package and to get that assessment we would need to be able to run the package tests.
Finally, making it's own issue, consolidating discussion from several open issues!
Would solve, these... maybe more
623
428
491
492
Note: May want to wait for https://github.com/pharmaR/riskmetric/issues/299
But has a host of complexities, as previously discussed:
Originally posted by @Jeff-Thompson12 in https://github.com/pharmaR/riskassessment/issues/623#issuecomment-1680803271