Apologies for being insufficiently clear. By "a file straight from NOAA" I meant a completely different PDF, <https://www.ncei.noaa.gov/sites/default/files/2022-06/woa18documentation.pdf>, that gives the same SHA-256 hash whether downloaded by VirusTotal <https://www.virustotal.com/gui/url/ebff41f79720bcd2bbccf343874a584f2b3d78f3cd390a19f11b7576c3a38ad1?nocache=1> or me, comes from a supposedly trusted source, and still makes Acrobat Reader behave like it's infected, show a crashed Firefox on the screenshot and drop a number of scary-looking files. Surely there will be a difference between reading an infected file and a non-infected file?
27 января 2024 г. 15:10:53 GMT+03:00, Bob Rudis <b...@rud.is> пишет: >Ivan: do you know what mirror NOAA used at that time to get that version of >the package? Or, did they pull it "directly" from cran.r-project.org >(scare-quotes only b/c DNS spoofing is and has been a pretty solid attack >vector)? ______________________________________________ R-package-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-package-devel
