FWIW PKI supports signing and verification of tar balls based on X.509
(PKI.sign.tar/PKI.verify.tar) - the aim was to specifically support signing of
packages so we could have infrastructure akin to the Apple developer code
signing where the repository would be the CA (e.g., CRAN, RForge.net, et
> On 15 Oct 2015, at 08:11, Philip Gillißen wrote:
>
> Dear list,
>
> I'm using R in a corporate environment and was interested in how R checks
> integrity of packages during an installation.
> I saw (and verified my suspicion in the code[1]) that the verification purely
> relies on MD5.
>> Fro
On Thu, Oct 15, 2015 at 9:11 AM, Philip Gillißen wrote:
> I'm using R in a corporate environment...
That's irrelevant.
> is possible to force R to verify integrity via SHA256 or even OpenPGP
> signatures? If not are there any plans to support better hashes than MD5? As
> the source code looks,
On 15/10/2015 13:32, Michael Felt wrote:
> Hi.
> Just wanted to let you know I am getting close to packaging R for AIX in
> 64-bit mode.
Which version? (You mentioned 3.1.3 and 3.2.2 far below.) There is
little value in reporting on frozen branches, and most value in
reporting on R-devel where al
Hi.
Just wanted to let you know I am getting close to packaging R for AIX in
64-bit mode.
One comment - the libtool.m4 I see used is quite old. The one I have on my
system is 2.4.6, and what I see in R says:
I am hoping a new libtool will clean up most of the manual work now needed.
# Which rel
Dear list,
I'm using R in a corporate environment and was interested in how R checks
integrity of packages during an installation.
I saw (and verified my suspicion in the code[1]) that the verification purely
relies on MD5.
From an IT security perspective, this can be improved.
My question is: Is