Review Policy

This policy dictates the process by which R-multiverse reviews and accepts contributed R packages. All contributions must comply with R-multiverse policies, including but not limited to Acceptable Use, Terms of Use, and Code of Conduct.

How review works

When it reviews a new pull request, the bot makes one of three choices:

  1. Merge the pull request to accept the contribution.
  2. Flag the pull request for manual review by a moderator.

Automatic acceptance

The bot automatically accepts the contribution if the author of the pull request:

  1. Is a public member of one of the trusted GitHub organizations listed at https://github.com/r-multiverse/contributions/blob/main/organizations.

and if the pull request itself:

  1. Was created by the GitHub web interface.
  2. Adds new contributed listings to the packages folder.
  3. Does not add, modify, or delete any other files in https://github.com/r-multiverse/contributions.

and if each new contributed listing:

  1. Is a single line of text with a valid HTTPS URL.
  2. Points to an existing public GitHub/GitLab repository.

and if the contributed GitHub/GitLab repository:

  1. Includes a GitHub/GitLab release.
  2. Includes an R package at the top level whose package name is the same as the repository name.
  3. Is listed in the URL field of the corresponding CRAN page (if a package with the same name is on CRAN).

and if the R package:

  1. Attributes ownership and authorship clearly and consistently.
  2. Includes a license from the “Licenses” section at the end of this policy.
  3. Does not have an advisory in the R Consortium Advisory Database.
  4. Is not part of the CRAN mirror at https://github.com/cran.

Manual review

R-multiverse moderators review pull requests that the bot flags for manual review. The moderator inspects the package for compliance with R-multiverse policies, including but not limited to Acceptable Use, Terms of Use, and Code of Conduct. The moderator accepts the contribution if and only if it complies with all policies.

Removal

R-multiverse may remove a package from its own repositories at any time if the package violates R-multiverse policies.

Licenses

The Acceptable Use Policy prohibits packages that “violate any applicable laws, regulations, or third-party rights, including intellectual property rights”. To protect the intellectual property rights of the package owners, each contributed package must have a valid free and open-source (FOSS) license, and the package owners must be correctly attributed. The following is a list of valid open-source licenses that the bot automatically accepts during reviews.