On Tue, Oct 25, 2016 at 7:22 PM, Martyn Plummer wrote:
> Thanks Jeroen. The R Foundation has recently formed a working group to
> look into package authentication. There are basically two models. One
> is the GPG-based model you describe; the other is to use X.509 as
> implemented in the PKI packa
Thanks Jeroen. The R Foundation has recently formed a working group to
look into package authentication. There are basically two models. One
is the GPG-based model you describe; the other is to use X.509 as
implemented in the PKI package. It's not yet clear which way to go but
we are thinking about
I suspected/hoped this was one reason for the new pkg ;-)
I'm *100% in support of this* and will help as much as I can. I can
see if my org (Rapid7) would be willing to be a trusted peer (given my
position it's prbly more like "we will be doing this" vs an ask).
Sonatype may also be willing to be
I would like to propose adding experimental support for including a
PGP signature in R source packages. This would make it possible to
verify the identity of the package author and integrity of the package
sources.
There are two ways to implement this. Assuming GnuPG is on the PATH,
the CMD build