Re: [R] registry vulnerabilities in R

2012-06-05 Thread Paul Martin

Update:

The IT people agreed to test R separately. R is now approved and RStudio
is not. The folks at RStudio are baffled as to why all those registry
entries are being recorded. They directed me to the source code which
details the known accesses to the registry during installation. I have
not yet followed the link. I suspect the registry vulnerability software
is flawed, or perhaps their procedures. (Are they installing into a
clean image? No idea.)

So, limited progress. I may just move my R work to Linux, where the
rules are different.

Thank you, everyone.

Paul Martin

On 5/9/2012 12:57 PM, Richard M. Heiberger wrote:

One more item.  Have you given a copy of the document
R: Regulatory Compliance and Validation Issues A Guidance Document
for the Use of R in Regulated Clinical Trial Environments
http://www.r-project.org/doc/R-FDA.pdf
to your security office?

It addresses overlapping, not identical, security issues.

Rich

On 5/9/12, Paul Martin pamar...@alum.mit.edu wrote:

I don't have much new to add, but I want to make some clarifying comments:

First, there are clearly workarounds available. I am using one now. R is
installed on a personal laptop which I bring to work every day. I take
extreme care with the nature of the files I move back and forth, and
none of this is classified. This is common practice here. Yes, it would
be nice if I could get R onto my desktop machine at work. It would save
me burning CDs to move plots back and forth. But it's not the end of the
world. My ability to get work done is not the issue here.

The issue is the following: Is there anything here which is of concern to
the R community? I suspect the answer is no, but cannot say anything for
sure at this point.

The registry analysis tool looks like it is custom software developed by
the Air Force. I can't get any specific information beyond that. That is
unfortunate, since it would be nice if the tests could be duplicated and
confirmed.

We will get separate tests on R without RStudio.

The registry analysis reports results in two sections: Registry entries
added and registry entries modified. There were no vulnerabilities found
in the entries modified section. All of the vulnerabilities are listed
under entries added.

I will let you know if I find out anything else. Certainly the isolated
test of the R software without RStudio will be of interest.

Thank you all for your comments,

Paul Martin

On 5/9/2012 10:00 AM, Barry Rowlingson wrote:

Someone said:
Once R is accepted, you could ask for an RStudio test if you want.

   I had another thought shortly after my initial email. Suppose yes, R
is accepted. Great. You run R.

   Then you think, Oh, I need ggplot2 (yes you do). Do you then have
to get security clearance for every package you want to download from
CRAN?

Barry


__
R-help@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide
http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.





Re: [R] registry vulnerabilities in R

2012-05-09 Thread Paul Martin

I don't have much new to add, but I want to make some clarifying comments:

First, there are clearly workarounds available. I am using one now. R is 
installed on a personal laptop which I bring to work every day. I take 
extreme care with the nature of the files I move back and forth, and 
none of this is classified. This is common practice here. Yes, it would 
be nice if I could get R onto my desktop machine at work. It would save 
me burning CDs to move plots back and forth. But it's not the end of the 
world. My ability to get work done is not the issue here.


The issue is the following: Is there anything here which is of concern to
the R community? I suspect the answer is no, but cannot say anything for 
sure at this point.


The registry analysis tool looks like it is custom software developed by 
the Air Force. I can't get any specific information beyond that. That is 
unfortunate, since it would be nice if the tests could be duplicated and 
confirmed.


We will get separate tests on R without RStudio.

The registry analysis reports results in two sections: Registry entries 
added and registry entries modified. There were no vulnerabilities found 
in the entries modified section. All of the vulnerabilities are listed 
under entries added.


I will let you know if I find out anything else. Certainly the isolated 
test of the R software without RStudio will be of interest.


Thank you all for your comments,

Paul Martin

On 5/9/2012 10:00 AM, Barry Rowlingson wrote:

Someone said:
Once R is accepted, you could ask for an RStudio test if you want.

  I had another thought shortly after my initial email. Suppose yes, R
is accepted. Great. You run R.

  Then you think, Oh, I need ggplot2 (yes you do). Do you then have
to get security clearance for every package you want to download from
CRAN?

Barry


