On Wed, Dec 3, 2025 at 11:55 AM Martin Maechler
<[email protected]> wrote:
>
> >>>>> Jeroen Ooms
> >>>>>     on Tue, 2 Dec 2025 22:33:05 +0100 writes:
>
>     > Currently `download.packages()` copies the full `File`
>     > field from the URL in PACKAGES, including http parameters,
>     > as the local filename on disk. So for example, if the
>     > `PACKAGES` file contains
>
>     >    Package: jsonlite
>     >    Version: 2.0.0
>     >    File: jsonlite_2.0.0.tar.gz?auth=blabla123&hash=79fad1b6092c1d1cc71e096d02cbc7618837fda1f90b61443f09adc25caab095
>
>     > Then the file is saved on disk not as
>     > `jsonlite_2.0.0.tar.gz` but as the full url including `?`
>     > and `=` and `&` characters which are not supported and
>     > create corrupt files on some platforms.
>
> Yes... but why should a "CRAN-like repository" use such file names ?

Such that we can host a "CRAN-like repository" on modern
infrastructure that may use this sort of URL.

> I am considering, but still not convinced why it is needed (see above).
> Maybe I'm overlooking something ?
> Also, I'd have it as a switch (argument) of download.packages() in
> order to provide back compatibility [no need for a new patch, though !]

The patch should not break functionality; it only fixes an edge case
where R would otherwise write to an illegal filename on disk. I am
guessing nobody has used this yet so I am not sure what would be the
value of back compatibility to ensure R keeps doing this.

In either case the fix would only be useful if install.packages()
makes use of it.

______________________________________________
[email protected] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
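
The filename problem discussed in this thread, as an added R example that is not part of the thread or of the proposed patch: the full `File` field is kept for the download URL, while the local name is reduced to its last path component without query string and checked against the record's own `Package` and `Version`. `safe_destfile()` is a hypothetical helper, the repository URL is a constructed placeholder, and the allow-list of extensions is an assumption that is stricter than what R itself enforces.

```r
# Hypothetical helper (not part of R's utils package): derive a local file
# name from a PACKAGES 'File' field without trusting the field as a path.
safe_destfile <- function(file_field, package, version) {
  # The query string and fragment belong to the URL, not to the file name.
  path <- sub("[?#].*$", "", file_field)
  # Keep only the last path component, so "../" or sub-directories in the
  # field cannot steer the write outside the destination directory.
  name <- basename(path)
  # Assumption: only the usual source/binary extensions are accepted, and the
  # name must be built from the Package and Version of the same record.
  allowed <- paste0(package, "_", version, c(".tar.gz", ".tgz", ".zip"))
  if (!name %in% allowed)
    stop("refusing unexpected file name derived from 'File': ", name)
  name
}

# The PACKAGES record quoted in the thread, parsed the way R reads DCF files.
con <- textConnection(c(
  "Package: jsonlite",
  "Version: 2.0.0",
  paste0("File: jsonlite_2.0.0.tar.gz?auth=blabla123&hash=",
         "79fad1b6092c1d1cc71e096d02cbc7618837fda1f90b61443f09adc25caab095")
))
rec <- read.dcf(con)
close(con)

repo    <- "https://repo.example.org/src/contrib"  # constructed placeholder
destdir <- tempdir()

# The URL keeps the parameters; the file on disk does not.
url      <- paste0(repo, "/", rec[1, "File"])
destfile <- file.path(destdir,
                      safe_destfile(rec[1, "File"],
                                    rec[1, "Package"],
                                    rec[1, "Version"]))
stopifnot(basename(destfile) == "jsonlite_2.0.0.tar.gz")

# A constructed hostile record: the 'File' field tries to leave destdir and
# does not match its own Package/Version, so the helper rejects it.
bad <- tryCatch(
  safe_destfile("../../.Rprofile?x=jsonlite_2.0.0.tar.gz", "jsonlite", "2.0.0"),
  error = function(e) conditionMessage(e)
)
stopifnot(grepl("refusing unexpected file name", bad, fixed = TRUE))
```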
