On 11/20/25 19:27, Ben Bolker wrote:
One caveat: I think CRAN/Bioconductor mirrors will be self-contained
if you're installing *binary* packages, but I wouldn't rule out the
possibility that installations from source could also download material
from other URLs as part of the install process ...
There are (arrow is one of them that I know of). Other might also
require downloading stuff during use (tinytex for example).
On 2025-11-20 1:01 p.m., Bert Gunter wrote:
Yup. And if I understand correctly, "mirrors" are mirrors -- i.e. they
will
all contain exactly the same content once any updates have a chance to
percolate through. Hence, choosing just one each of a CRAN and
Bioconductor
mirror should suffice, with perhaps a backup should one or the other go
down for some reason. For security reasons, I would stay away from Github
or any other repository not listed in the official CRAN listing that
Chris
provided. As I understand it, all of these mirrors are self-contained and
would not contain dependencies that go outside CRAN. **
** If any of the above is wrong or requires clarification, please post a
correction. **
Cheers,
Bert
On Thu, Nov 20, 2025 at 9:12 AM Chris Ryan <[email protected]>
wrote:
That's a tall order.
I'm no expert, but I believe you can specify what CRAN mirror to use
when obtaining packages. I don't know if an institution could restrict a
user to using just one of them.
Here is a list of CRAN mirrors:
https://cran.r-project.org/mirrors.html
I've never used Bioconductor, but here is a list of mirrors:
https://bioconductor.org/about/mirrors/
--Chris Ryan
Jyoti Prajapati wrote:
Dear R Team,
I am currently setting up R in the Bank of Baroda environment, and as
part
of the security process, I need to request whitelisting of all
URLs/domains
required for installing R packages (including dependencies).
To complete this request, I kindly ask you to please share the *full
list
of URLs, domains, CRAN/Bioconductor mirrors, GitHub links, and any
other
repositories* that R connects to during installation and updating of
packages.
Once I receive the list, I will forward it to the Network/IT Security
team
for whitelisting.
Requesting your support in providing this information at the earliest.
Thank you.
Regards,
*Jyoti Prajapati*
Manager – Model Validation
Risk Management Department
Bank of Baroda
[[alternative HTML version deleted]]
______________________________________________
[email protected] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide
https://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
______________________________________________
[email protected] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide
https://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
[[alternative HTML version deleted]]
______________________________________________
[email protected] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide https://www.R-project.org/posting-
guide.html
and provide commented, minimal, self-contained, reproducible code.
______________________________________________
[email protected] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide https://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
