Le mercredi 18 octobre 2017 10:58:28 UTC+2, Jeroen Demeyer a écrit : > > On 2017-10-18 03:08, William Stein wrote: > > (a) using a broken version of the Python/R/Sage stack that exposes > > them to installing malware > > Is that really the case? I think pip is actually fail-safe in the sense > that it simply refuses to download if OpenSSL is not supported. So there > is no exposure to malware here. > > Does anybody know how this works for R? >
1) There are *currently* http-accessible R repositories. The question is "for how long whal these repositories be mantained and curated ?". 2) The same is true of Bioconductor, R-forge and Omegahat repositories. 3) I have no extensive knowledge of the 11626 (as of today) available R packages in the CRAN repository aind its mirrors. However, I would be deeply surprised if none of them offered or neeeded access to https-only resources, such as distributed databases. 4) There are also a $#i+load of non-CRAN repositories offering not-yet-published packages. Similarly, a number of published works (papers, books, etc...) offer access to non-CRAN repositories of data and complementary analyses. There is no guarantee that these resources are http-accessible. To be unable to *programatically* access these resources from R is (another) pain in the @$$. -- Emmanuel Charpentier -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
