Dimitri:

On Thu, Dec 8, 2016 at 10:05 AM, Dimitri Liakhovitski
<dimitri.liakhovit...@gmail.com> wrote:
> I just thought maybe there is something - about the process of
> submitting packages or anything like that - that shows that at least
> some diligence is being done to ensure that a given package is not
> just a piece of malware from ISIS or Russia.
> But if you, Bert, say it's not the case, then I'll believe you.

** I DID NOT SAY THAT ***

You asked for **guarantees." R has none. But of course U. Wien checks
R packages on submission for malicious code (it is one reason binary
submissions are generally not permitted) and R repository servers of
course have filters in place.

BUT THERE ARE NO GUARANTEES, explicit or implied.

Cheers,
Bert

>
> I've asked my question after I received the following email from a
> partner company (that is a SaS company):
> They are starting to work with R and we are delivering some R code to
> them that will run in the background. I mentioned that certain R
> packages have to be installed in order for the code to run and got
> this:
>
> "I’m also going to assume that our team will want to vet any package
> you request. We’re big fans of open source and leveraging 3rd party
> libraries but are keenly aware of the risks in “inviting strangers
> into your house”."
>
> This is why I asked.
> So, I guess, my response should be - yes, please, go ahead and "vet"
> them any way you want.
> Thank you!
>
> On Thu, Dec 8, 2016 at 12:55 PM, Bert Gunter <bgunter.4...@gmail.com> wrote:
>> 1. What does "Safe" mean???
>>
>> 2. From the R banner on startup:
>>
>> "R is free software and comes with ABSOLUTELY NO WARRANTY."
>>
>> Don't think it could be clearer than that!
>>
>> Cheers,
>> Bert
>>
>>
>> Bert Gunter
>>
>> "The trouble with having an open mind is that people keep coming along
>> and sticking things into it."
>> -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>>
>>
>> On Thu, Dec 8, 2016 at 9:47 AM, Dimitri Liakhovitski
>> <dimitri.liakhovit...@gmail.com> wrote:
>>> Guys,
>>>
>>> suddenly, I am being asked for a proof that R packages that are not
>>> "base" are safe. I've never been asked this question before.
>>>
>>> Is there some documentation on CRAN that discusses how it's ensured
>>> that all "official" R packages have been "vetted" and are safe?
>>>
>>> Thanks a lot!
>>>
>>> --
>>> Dimitri Liakhovitski
>>>
>>> ______________________________________________
>>> R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see
>>> https://stat.ethz.ch/mailman/listinfo/r-help
>>> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
>>> and provide commented, minimal, self-contained, reproducible code.
>
>
>
> --
> Dimitri Liakhovitski