r-universe-org / help

Support and bug tracker for R-universe
https://docs.r-universe.dev/

Please consider showing only opted-in packages on the UI #186

Closed yutannihilation closed 1 year ago

yutannihilation commented 2 years ago

First of all, thank you for working on this great project. I want r-universe to be a big success (i.e. a replacement for CRAN!), so let me post my concern about r-universe including all CRAN packages without explicit approval.

I saw several CRAN package authors got surprised and seemed uncomfortable when I let them know about r-universe and their repository is already there. The beauty of open source is that we can do anything without explicit approval as long as the license permits, so I believe it's no problem on serving all the packages itself. However, non-code properties should be treated differently.

Let me discuss my case. I feel

are (a kind of?) privacy I don't want to expose broadly even if they all are "public" information in the sense that one can reach if they read my DESCRIPTIONs carefully. But, the email address is not what I'd include if CRAN doesn't require it. By "GitHub organization", I mean my company, which I don't make public on GitHub intentionally. As most of my OSS activities are unrelated to my company, I want to unlink myself from it. So, I feel uneasy that my r-universe page shows the relationship.

Also, the GitHub icon is not in the package source, so I believe it's not what you can use without approval. It can be a corporate trademark in the case the organization is corporate, which might lead you to legal risk. (Disclaimer: I'm not a legal expert, and the copyright laws are different from the western world, so I might be wrong on this).

Note that some of the problems might be because the UI doesn't show any difference between the authors who joined of their own will and others. So, it might be improved by some minor change to the UI. I'm not yet sure "showing only opted-in packages" is the best solution at the moment, but I hope you take my concerns into consideration.

Thanks!

yutannihilation commented 1 year ago

@jeroen Let me confirm. Is there any way to remove my CRAN package from r-universe?

jeroen commented 1 year ago

Thanks for raising these concerns.

Part of the purpose of R-universe is a search engine of R packages, including those on CRAN. So if you publish packages on CRAN, they get indexed on r-universe, just like for example you can search for CRAN packages on Google.

The author email address and GitHub org are literally copied from the information that is on the CRAN homepage of that package. Again, this same information can be found via search engines like Google or GitHub or anything else.

Currently there is no good way to prevent r-universe from showing your CRAN package. I'll think about if we can do something similar to a noindex file that you can add to the repo to prevent indexing.

For most people, their email address that you use as maintainer contact information is a public statement of their affiliation, i.e. the organization that they belong to. That is why we show it there. I don't quite understand why you would publish an email address on CRAN if you don't want this to be public. But perhaps we could show the email address less prominently or obfuscate it, to discourage users from using email to contact you. However, the CRAN homepage of your package, where you have published that same email address, is still only one click away.

> As most of my OSS activities are unrelated to my company, I want to unlink myself from it. So, I feel uneasy that my r-universe page shows the relationship.

OK I understand, but note that this same information is also publicly visible on github, r-universe is just reflecting this.

One technical solution is to dis-associate your corporate email address with your OSS Github account. I guess that in your email settings you have both your email addresses associated with one account. If you remove the corporate email address here, commits from your corporate email address will no longer be linked to yutannihilation (this won't change any permission settings, it just removes the association between your github username and commits authored by your corporate email address).

jeroen commented 1 year ago

@yutannihilation I have added a rule to the scraper, such that you can opt-out your package by adding this line to your package DESCRIPTION file:

Config/runiverse/noindex: true

(Custom field names starting with Config/ are also allowed on CRAN). Can you test if this solves at least part of your concern? Note that it can take 24 hours for the package to disappear from r-universe after you added this rule.
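For maintainers who want to check a source tree before relying on the opt-out, the following is an added example, not part of the thread and not R-universe's scraper code. It parses a DESCRIPTION file, reports whether the `Config/runiverse/noindex` field is set, and lists the maintainer email addresses the file publishes. It assumes only the literal value `true` shown above counts (the thread does not say how other spellings are treated); the function names and sample files are constructed for illustration.

```python
import re

# Constructed sample DESCRIPTION files (not real packages).
SAMPLE_OPTED_OUT = """\
Package: examplepkg
Version: 0.1.0
Authors@R: person("A", "Maintainer",
    email = "a.maintainer@corp.example", role = c("aut", "cre"))
Config/runiverse/noindex: true
"""

SAMPLE_INDEXED = """\
Package: otherpkg
Version: 1.2.3
Maintainer: B Maintainer <b@mail.example>
"""

NOINDEX_FIELD = "Config/runiverse/noindex"  # field name quoted in the thread

def parse_description(text):
    """Parse DCF text into {field: value}; indented lines continue a field."""
    fields, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":
            if current is None:
                raise ValueError("continuation line before any field")
            fields[current] += " " + line.strip()
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"not a field line: {line!r}")
            current = name.strip()
            fields[current] = value.strip()
    return fields

def audit(text):
    """Return (opted_out, emails) for one DESCRIPTION file."""
    fields = parse_description(text)
    # Assumption: only the exact value "true" is treated as an opt-out.
    opted_out = fields.get(NOINDEX_FIELD) == "true"
    contact = " ".join(fields.get(k, "") for k in ("Maintainer", "Authors@R"))
    emails = sorted(set(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", contact)))
    return opted_out, emails

if __name__ == "__main__":
    for sample in (SAMPLE_OPTED_OUT, SAMPLE_INDEXED):
        print(audit(sample))
```
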

jeroen commented 1 year ago

Also adding FAQ item: https://github.com/r-universe-org/help#how-to-prevent-a-cranbioc-package-from-automatically-being-indexed-by-r-universe

yutannihilation commented 1 year ago

Thanks so much for the details, and for addressing this so quickly! I'll try the feature in a week or so. Let me reply quickly.

> Part of the purpose of R-universe is a search engine of R packages, including those on CRAN. So if you publish packages on CRAN, they get indexed on r-universe, just like for example you can search for CRAN packages on Google.

I fully agree with you here.

> The author email address and GitHub org are literally copied from the information that is on the CRAN homepage of that package. Again, this same information can be found via search engines like Google or GitHub or anything else.

> I don't quite understand why you would publish an email address on CRAN if you don't want this to be public.

What I do want you to recognize is that this is a matter of degree. My affiliation and my email address are not very secret. But I'd say these are very different things: that it's available on the internet, and that it's unavoidably linked to my profile like a digital tattoo (sorry, I couldn't find the right word), even though it's obvious if they watch me carefully.

To be clear, again, I actually feel a bit uneasy, but it's not that I want to hide them very eagerly. I filed this issue mainly for discussion before anyone finds this more serious.

> One technical solution is to dis-associate your corporate email address with your OSS Github account.

Yeah, this was my fault... For historical reasons, this is not very easy for me, unfortunately. I admit this is the information I chose to make public (even though it was not very intentional), but, again, this is a matter of degree.