Thanks Rich and Paul: This gets back to my original comment in this thread. I believe that CRAN repositories simply rely on whatever security software (malware checking, etc.) that the hosts provide; R/CRAN do nothing, as you said. This results in a whole new and almost certainly wholly impracticable level of security protection to validate, so it is doubtful that anything can be done to address the concerns. Again, as you said.
As always, authoritative (dis?) confirmation by R Core experts required to validate by statement. -- Bert On Wed, May 9, 2012 at 11:10 AM, Richard M. Heiberger <r...@temple.edu> wrote: > I spoke to someone in the military who did some investigation. > This is his response > >>> 1. I'm sorry that I don't have anything good to report. The military is >>> cautious with it's networks and I'm no longer able to use R at work. I >>> don't know anything about this registry issue but the show stopper for me >>> even trying to get R on the military network is CRAN. All that r-project >>> checks on contributed applications is if they load (or compile as >>> necessary) >>> cross-platform. I could make an argument for the security of the Core >>> functionality of R but not for the contributed packages. > > > On 5/8/12, Paul Martin <pamar...@alum.mit.edu> wrote: >> >> Kirtland Air Force Base has denied approval for the use of R on its >> Windows network. Some of their objections seem a bit strange, but some >> appear to be legitimate. In particular, they have detected registry >> "vulnerabilities" >> which are detailed in the attachment. >> I know nothing about Windows registry vulnerabilities. If any of these >> issues are >> legitimate concerns, I would like to see them fixed for everyone's >> benefit. >> I would >> appreciate a referral to the appropriate forum for this information. I >> am >> willing >> to assist in getting questions answered and gathering additional >> information. >> Thank you, >> Paul Martin >> Air Force Research Laboratory >> Kirtland Air Force Base >> Albuquerque, New Mexico >> > > ______________________________________________ > R-help@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. -- Bert Gunter Genentech Nonclinical Biostatistics Internal Contact Info: Phone: 467-7374 Website: http://pharmadevelopment.roche.com/index/pdb/pdb-functional-groups/pdb-biostatistics/pdb-ncb-home.htm ______________________________________________ R-help@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
