Hey All,

Once more, Ivan, thank you for your great blog post.
I found the https://github.com/hrbrmstr/rdaradar solution and ran it on the 100 most downloaded R packages.
Happily, all data/inst rda files are safe/non-exposed to the RDS exploit (using the linked solution).
Please access my fork for the results https://github.com/Polkas/rdaradar/blob/main/cran_top_results.txt and the run https://github.com/Polkas/rdaradar/blob/main/iter_all.R

It will be great to run it on all CRAN packages, but I imagine we should be sure that the check is decent enough to not overload the servers without a need.

KR
Maciej Nasinski
University of Warsaw

On Fri, 3 May 2024 at 12:23, Maciej Nasinski <nasinski.mac...@gmail.com> wrote:

> Dear Ivan,
>
> Your blog post is fantastic and I already started to promote it on LinkedIn
> with full credit to you.
>
> KR
> Maciej Nasinski
> University of Warsaw
>
>
> On 3 May 2024, at 12:04, Maciej Nasinski <nasinski.mac...@gmail.com>
> wrote:
> >
> > Dear Ivan,
> >
> > Thank you for such a quick response.
> > “It may be worth teaching people that, in general, R data files should be
> > as trusted as R code.” I totally agree and that's why I wrote that any
> > code can be dangerous if run without proper scrutiny.
> > A few LinkedIn posts generated most probably by Chat GPT (a lot of icons
> > in them) make a lot of harm lately. For sure I will try to make a post in
> > my community and will remind that any code can be dangerous.
> >
> > BTW. we can limit the possible scan with crandb downloads stats to only
> > those which have more than x downloads a day:) I imagine it will be a
> > demanding project.
> >
> > KR
> > Maciej Nasinski
> > University of Warsaw
> >
> >> On 3 May 2024, at 11:52, Ivan Krylov <ikry...@disroot.org> wrote:
> >>
> >> It may be worth teaching people that in general, R data files should be
> >> as trusted as R code.

______________________________________________
R-package-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-package-devel