Agreed. R-project.org and mirrors should be using https. Billy On 17 Apr 2015 06:26, "Dan Tenenbaum" <dtene...@fredhutch.org> wrote:
> > > ----- Original Message ----- > > From: "Matt Younce" <matt_you...@cinfin.com> > > To: r-devel@r-project.org > > Sent: Thursday, April 16, 2015 9:32:04 AM > > Subject: [Rd] Does (will) CRAN provide consistent integrity verification > > > > Intended Audience: CRAN administrators, maintainers and R Package > > Developers. > > Does anyone know of consistent methods (or plans for near future) to > > verify integrity of downloaded R package binaries from CRAN? > > The purpose is to foster a high degree of trust in the validity of > > downloaded binaries from CRAN. > > For example Apache projects mostly provide something like MD5, SHA1, > > SHA256, or signing with GnuPG, etc., as in > > http://www.apache.org/dev/release-signing. > > And all of this is probably irrelevant unless packages can be downloaded > over HTTPS. > > Dan > > > > I have noticed that several R package zip files do contain MD5 > > strings, but not all do, and not as a separate download link. > > Besides, MD5 is not the preferred method. > > What role in the administration of CRAN would be best positioned to > > guide and assist R package developers (and/or repository > > administrators) to provide a simple reliable method? > > Without such features, the alternatives for many risk adverse > > entities would be to resort to vendor releases of R which can be > > cost prohibitive. > > Several recent articles underscore the need is here now, so I am > > hoping (and probably a growing number are also hoping) there is some > > way to currently or easily achieve this without resorting to a big > > dollar vendor. > > Thanks very much for your help, > > Matt Younce > > > > > > [[alternative HTML version deleted]] > > > > ______________________________________________ > > R-devel@r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > ______________________________________________ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel > [[alternative HTML version deleted]] ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
