Great to know, thanks, Bert!
Do you happen to have a reference that shows that:
- U. Wien checks R packages on submission for malicious code
- R repository servers have filters in place.

Thanks again!

On Thu, Dec 8, 2016 at 1:13 PM, Bert Gunter <bgunter.4...@gmail.com> wrote:
> Dimitri:
>
> On Thu, Dec 8, 2016 at 10:05 AM, Dimitri Liakhovitski
> <dimitri.liakhovit...@gmail.com> wrote:
>> I just thought maybe there is something - about the process of
>> submitting packages or anything like that - that shows that at least
>> some diligence is being done to ensure that a given package is not
>> just a piece of malware from ISIS or Russia.
>> But if you, Bert, say it's not the case, then I'll believe you.
>
> ** I DID NOT SAY THAT ***
>
> You asked for **guarantees." R has none. But of course U. Wien checks
> R packages on submission for malicious code (it is one reason binary
> submissions are generally not permitted) and R repository servers of
> course have filters in place. BUT THERE ARE NO GUARANTEES, explicit or
> implied.
>
> Cheers,
> Bert
>
>>
>> I've asked my question after I received the following email from a
>> partner company (that is a SaS company):
>> They are starting to work with R and we are delivering some R code to
>> them that will run in the background. I mentioned that certain R
>> packages have to be installed in order for the code to run and got
>> this:
>>
>> "I’m also going to assume that our team will want to vet any package
>> you request. We’re big fans of open source and leveraging 3rd party
>> libraries but are keenly aware of the risks in “inviting strangers
>> into your house”."
>>
>> This is why I asked.
>> So, I guess, my response should be - yes, please, go ahead and "vet"
>> them any way you want.
>> Thank you!
>>
>> On Thu, Dec 8, 2016 at 12:55 PM, Bert Gunter <bgunter.4...@gmail.com> wrote:
>>> 1. What does "Safe" mean???
>>>
>>> 2. From the R banner on startup:
>>>
>>> "R is free software and comes with ABSOLUTELY NO WARRANTY."
>>>
>>> Don't think it could be clearer than that!
>>>
>>> Cheers,
>>> Bert
>>>
>>>
>>> Bert Gunter
>>>
>>> "The trouble with having an open mind is that people keep coming along
>>> and sticking things into it."
>>> -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>>>
>>>
>>> On Thu, Dec 8, 2016 at 9:47 AM, Dimitri Liakhovitski
>>> <dimitri.liakhovit...@gmail.com> wrote:
>>>> Guys,
>>>>
>>>> suddenly, I am being asked for a proof that R packages that are not
>>>> "base" are safe. I've never been asked this question before.
>>>>
>>>> Is there some documentation on CRAN that discusses how it's ensured
>>>> that all "official" R packages have been "vetted" and are safe?
>>>>
>>>> Thanks a lot!
>>>>
>>>> --
>>>> Dimitri Liakhovitski
>>>>
>>>> ______________________________________________
>>>> R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see
>>>> https://stat.ethz.ch/mailman/listinfo/r-help
>>>> PLEASE do read the posting guide
>>>> http://www.R-project.org/posting-guide.html
>>>> and provide commented, minimal, self-contained, reproducible code.
>>
>> --
>> Dimitri Liakhovitski

--
Dimitri Liakhovitski