r instances could be
>> detected. Please contact the CRAN team if you have any such information and
>> we can take it from there.
>>
>> As you hinted yourself - there is no such thing as absolute safety - as
>> the webp exploits have illustrated very clearly a simple imag
The current one on CRAN does get flagged for some low-level Sigma rules b/c
of one of way a few URLs interact. I don't know if f-secure is
pedantic enough to call that malicious (it probably is, though). The
*current* PDF is "fine".
There is a major problem with the 2020 version. The file Iñaki's
I would personally like something like an Android/iOS permissions
required/requested manifest document describing what the pkg needs
with R doing what it can to enforce said permissions. R would be
breaking some ground in this space, but it does that regularly in many
respects. Yes, I know I just
FWIW {stringi} has %+% for this functionality (and I occasionally use
it), tho I do enough processing of quite ughly string content that I
pretty much always have {stringi} loaded. That may not be true for
many other folks.
On Fri, Dec 10, 2021 at 2:07 PM Grant McDermott wrote:
>
> Sorry I
Hey folks,
If you haven't heard abt the log4j vuln from Friday yet, I envy you
and def want to know how you managed to do that.
For folks who develop Java-backed packages, pls be aware there's an
arbitrary code execution issue with log4j v2 <= 2.15.0 (NOTE log4j v1
1.x are not impacted).
Thanks
base::icuSetCollate might be what you need. There are some decent
examples in the manual page on it.
On Tue, Jan 19, 2021 at 7:30 AM Thierry Onkelinx via R-devel
wrote:
>
> Dear Peter,
>
> Thanks for the feedback on the locale. Is there a better alternative for
> the C locale? One that yields a
I was going to offer my opine on security risks but some prominent R folks
tend to woefully inaccurately knee-jerk/react badly to my 25+ year expert
opinion on such things and create childish website verbiage to show their
lack of maturity (who knew random developers can become security experts
Translation subdomain is also expired.
https://rud.is/r-project-cert-status/
> On Aug 19, 2020, at 13:35, Toby Hocking wrote:
>
> Hi win-builder certificate expired on Aug 15. My student on the other side
> of the world is also seeing this problem so I think it needs to be fixed...
>>
The browsers still shouldn't trust it. The CA cert is expired.
On Sat, May 30, 2020 at 5:23 PM Bob Rudis wrote:
>
> I've updated the dashboard (https://rud.is/r-project-cert-status/)
> script and my notifier script to account for the entire chain in each
> cert.
>
> On Sat, Ma
I've updated the dashboard (https://rud.is/r-project-cert-status/)
script and my notifier script to account for the entire chain in each
cert.
On Sat, May 30, 2020 at 5:16 PM Bob Rudis wrote:
>
> # A tibble: 13 x 1
>site
>
> 1 beta.r-project.org
> 2 bugs.r-pro
It's the top of chain CA cert, so browsers are being lazy and helpful
to humans by (incorrectly, albeit) relying on the existing trust
relationship.
libcurl (et al) is not nearly as forgiving.
On Sat, May 30, 2020 at 5:01 PM peter dalgaard wrote:
>
> Odd. Safari has no problem and says
www.cran.r-project.org
13 www.r-project.org
is the whole list b/c of the wildcard cert.
On Sat, May 30, 2020 at 5:07 PM Bob Rudis wrote:
>
> It's the top of chain CA cert, so browsers are being lazy and helpful
> to humans by (incorrectly, albeit) relying on the existing trust
>
Yep. It should switch to Let's Encrypt with the automated cert renewals ASAP.
On Sat, May 30, 2020 at 4:17 PM Gábor Csárdi wrote:
>
> On macOS 10.15.5 and R-devel:
>
> > download.file("https://www.r-project.org;, tempfile())
> trying URL 'https://www.r-project.org'
> Error in
Reproduced on latest Catalina beta and R 4.0.0 and latest RStudio
devel build (it crashes the session).
On Tue, May 19, 2020 at 7:39 AM Gu, Zuguang wrote:
>
> Hi,
>
>
> I found in grid package, if the graphic parameters have zero length, R
> crashes. In the
>
> following code, I only tested
Can you provide a bit more context? I just grabbed the pkg source from CRAN and
it builds fine.
$ clang --version
Apple clang version 11.0.3 (clang-1103.0.32.59)
Target: x86_64-apple-darwin19.5.0
Thread model: posix
InstalledDir:
As someone who is in cybersecurity as their $DAYJOB and who runs macOS as their
primary OS (tho I pretty much run them all in one way, shape or form), I'd
suggest:
- relying heavily on Gatekeeper/Xprotect (the built-in anti-malware solution
that comes with macOS, provided you keep updating the
to be fairly
straightforward to resolve but it's going to take a bit longer than "this
week", but I'm not rescinding the volunteering.
-Bob
> On Sep 29, 2019, at 17:19, Bob Rudis wrote:
>
> Or, a crazy person (me) cld volunteer to keep this running and get it back on
> CRAN.
&
Or, a crazy person (me) cld volunteer to keep this running and get it back on
CRAN.
I fixed the severe warning and also added C-side registration code.
The pkg is monolithic but the C code is super straightforward (a is the R code).
Unless someone can think of a reason not to, I can submit
Not sure if you're using just C++ or Rcpp for C++ access but
https://purrple.cat/blog/2018/10/14/altrep-and-cpp/ has some tips on using C++
w/ALTREP.
> On Sep 23, 2019, at 3:17 PM, Wang Jiefei wrote:
>
> Sorry for post a lot of things, for the first part of code, I copied my C++
> iter macro
On Mon, Jul 15, 2019 at 5:54 AM Martin Maechler
wrote:
>
> >>>>> Bob Rudis
> >>>>> on Tue, 9 Jul 2019 14:24:24 -0400 writes:
>
> > The addition of a single line:
> >
>
> > at in the of the R HTML generated manuals
The addition of a single line:
at in the of the R HTML generated manuals would make them much easier to
read on mobile devices.
texi2any (which generates the HTML files) is based on long-working Perl code
that includes many modern HTML elements but does not include this one.
A Perl
the release branch)
>
> The timestamp checking code is still present in R-devel. I presume something
> needs to be done about the breakage.
>
> - pd
>
>> On 7 Mar 2019, at 14:38 , Bob Rudis wrote:
>>
>> It's fixed in the RC that's GA on the 11th.
>>
>> I think
It's fixed in the RC that's GA on the 11th.
I think perhaps "stealth fixed" may be more appropro since it's not in SVN
logs, Bugzilla nor noted prominently in any of the various NEWS* files.
Then there's the "why was the core R installation using a third party,
non-HTTPS site for this to begin
I believe you've got _some_ time. As of the changes in 3.4.0 the verbiage is:
R CMD check --as-cran now NOTEs if the package does not register
its native routines or does not declare its intentions on (native)
symbol search. (This will become a WARNING in due course.)
And I think it's
I suspected/hoped this was one reason for the new pkg ;-)
I'm *100% in support of this* and will help as much as I can. I can
see if my org (Rapid7) would be willing to be a trusted peer (given my
position it's prbly more like "we will be doing this" vs an ask).
Sonatype may also be willing to be
(didn't know where else to post this, but pkg authors seemed to be a
good group to run this by)
Some folks may know I work in cybersecurity and my org's been talking
with the curl/libcurl community regarding:
https://curl.haxx.se/mail/lib-2016-10/0076.html
TLDR: there's a new libcurl/curl coming
Since there has been a recent tweak to the functionality of
Sys.setFileTime() I thought it might be an opportune time to ask a question
regarding the decision to set both access and modification times
(i.e. settime.actime = settime.modtime = (int)ftime; ) vs provide a
parameter for each.
Might it
I've had a TODO on the list for a while to produce a daily R-devel binary
build for macOS since I have some spare macOS compute cycles available. If
there's sufficient interest I can copy the build setup and start generating
them. I'm also a registered Apple developer so can make signed binaries
You're then asking CRAN to violate your "ideal contract" w/r/t compiler
switching inside src/Makevars since CRAN needs to setup and produce
standard, predictable, repeatable builds, including binary generation for
two platforms (much to Dirk's chagrin, there _are_ other operating systems
besides
I'm not sure where Jeroen is on this - https://github.com/jeroenooms/ssh -
but it might make more sense to dovetail off of it than rely on binaries
being available on systems. That's doable, but (IMO) fraught with peril.
On Fri, Sep 16, 2016 at 4:53 PM, William May wrote:
libcurl (which the RCurl & curl packages are built on) do not inherently
have retry or resume partial capabilities, but those could be packaged up
into a "robustdownloader" package. There's no guarantee of wget or curl
binaries being on a system (especially Windows, even with an Rtools
Hear! Hear! +100 for the shout out to the CRAN volunteers. Some of the most
unsung heroes of the R universe.
On Mon, Aug 22, 2016 at 5:16 AM, Henrik Bengtsson <
henrik.bengts...@gmail.com> wrote:
> An additional 1000 packages have been added to CRAN. This time, it
> took less than 6 months.
Aye. I rly need to get back to my security & privacy "R" post. The
slipstreaming in of these binaries is somewhat frightening. Almost as
frightening as being stuck on Windows
On Sat, Aug 13, 2016 at 13:09 Dirk Eddelbuettel wrote:
>
> I don't think there is a good "generally
Hey folks,
I usually stare in awe at the C-backed packages that rely on eternal
libraries which are super-easy to get working on macOS & *nix _but_ that
also work perfectly on Windows. I fire up Windows (*maybe*) once a month to
test some of my packages but I'm curious as to what I need to do to
have you tried seeing if `dplyr::if_else` behaves more to your liking?
On Sat, Aug 6, 2016 at 10:20 AM Martin Maechler
wrote:
> Dear R-devel readers,
> ( = people interested in the improvement and development of R).
>
> This is not the first time that this topic is
mund.de> wrote:
> CRAN will follow up with the package maintainer.
>
> Best,
> Uwe Ligges
>
>
>
> On 04.08.2016 10:50, peter dalgaard wrote:
>>
>>
>> On 04 Aug 2016, at 05:21 , Dirk Eddelbuettel <e...@debian.org> wrote:
>>
>>>
>
I came across https://cran.rstudio.com/web/packages/boxoffice/index.html
in CRAN today and while I don't expect CRAN to be a legal authority,
should there not be some kind of policy for excluding R packages that
deliberately violate (data) site ToS? (I'm asking this here vs sending
a note to CRAN
I would hope CRAN would let this in with some validation (even to the
point of it possibly adding a new field to DESCRIPTION). It may never
run on Slolaris or Plan 9, and I - who now runs a CRAN mirror in the
hopes to eventually have a MacBuilder equivalent service at some point
in the near future
Try looking at the source for tools:::.news_reader_default and then tools::toRd
On Wed, Oct 7, 2015 at 8:37 PM, Henrik Bengtsson
wrote:
> Hi,
>
> I'm looking for a parser of the plain text NEWS format (not the
> NEWS.Rd format) - ideally the same on that is used by R
39 matches
Mail list logo