On Thu, Dec 8, 2016 at 10:16 AM, Dimitri Liakhovitski <dimitri.liakhovit...@gmail.com> wrote:
> Great to know thanks, Bert!
>
> Do you happen to have a reference that shows that:
> -U. Wien checks R packages on submission for malicious code
> -R repository servers have filters in place.
No. Ask them

-- Bert

>
> Thanks again!
>
> On Thu, Dec 8, 2016 at 1:13 PM, Bert Gunter <bgunter.4...@gmail.com> wrote:
>> Dimitri:
>>
>> On Thu, Dec 8, 2016 at 10:05 AM, Dimitri Liakhovitski
>> <dimitri.liakhovit...@gmail.com> wrote:
>>> I just thought maybe there is something - about the process of
>>> submitting packages or anything like that - that shows that at least
>>> some diligence is being done to ensure that a given package is not
>>> just a piece of malware from ISIS or Russia.
>>> But if you, Bert, say it's not the case, then I'll believe you.
>>
>> ** I DID NOT SAY THAT ***
>>
>> You asked for **guarantees." R has none. But of course U. Wien checks
>> R packages on submission for malicious code (it is one reason binary
>> submissions are generally not permitted) and R repository servers of
>> course have filters in place. BUT THERE ARE NO GUARANTEES, explicit or
>> implied.
>>
>> Cheers,
>> Bert
>>
>>>
>>> I've asked my question after I received the following email from a
>>> partner company (that is a SaS company):
>>> They are starting to work with R and we are delivering some R code to
>>> them that will run in the background. I mentioned that certain R
>>> packages have to be installed in order for the code to run and got
>>> this:
>>>
>>> "I’m also going to assume that our team will want to vet any package
>>> you request. We’re big fans of open source and leveraging 3rd party
>>> libraries but are keenly aware of the risks in “inviting strangers
>>> into your house”."
>>>
>>> This is why I asked.
>>> So, I guess, my response should be - yes, please, go ahead and "vet"
>>> them any way you want.
>>> Thank you!
>>>
>>> On Thu, Dec 8, 2016 at 12:55 PM, Bert Gunter <bgunter.4...@gmail.com> wrote:
>>>> 1. What does "Safe" mean???
>>>>
>>>> 2. From the R banner on startup:
>>>>
>>>> "R is free software and comes with ABSOLUTELY NO WARRANTY."
>>>>
>>>> Don't think it could be clearer than that!
>>>>
>>>> Cheers,
>>>> Bert
>>>>
>>>>
>>>> Bert Gunter
>>>>
>>>> "The trouble with having an open mind is that people keep coming along
>>>> and sticking things into it."
>>>> -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>>>>
>>>>
>>>> On Thu, Dec 8, 2016 at 9:47 AM, Dimitri Liakhovitski
>>>> <dimitri.liakhovit...@gmail.com> wrote:
>>>>> Guys,
>>>>>
>>>>> suddenly, I am being asked for a proof that R packages that are not
>>>>> '"base" are safe. I've never been asked this question before.
>>>>>
>>>>> Is there some documentation on CRAN that discusses how it's ensured
>>>>> that all "official" R packages have been "vetted" and are safe?
>>>>>
>>>>> Thanks a lot!
>>>>>
>>>>> --
>>>>> Dimitri Liakhovitski
>>>>>
>>>>> ______________________________________________
>>>>> R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see
>>>>> https://stat.ethz.ch/mailman/listinfo/r-help
>>>>> PLEASE do read the posting guide
>>>>> http://www.R-project.org/posting-guide.html
>>>>> and provide commented, minimal, self-contained, reproducible code.
>>>
>>>
>>> --
>>> Dimitri Liakhovitski
>
>
> --
> Dimitri Liakhovitski