On Sat, 4 May 2024, Maciej Nasinski wrote:
Hey Vladimir,
Thank you for your answer.
GitHub codespaces are "a separate computer" and are free for students and the
educational sector.
Hi Maciej,
What I was suggesting is that instead of encapsulating the application
in a container that r
This is true, and useful.
Many old-school R users are nervous about coming to rely on tools
that are controlled by a company that may rescind that availability in
the future, or may possibly use your code in ways you don't want (I have
not gone all the way through
https://docs.github.com/e
Hey Vladimir,
Thank you for your answer.
GitHub codespaces are "a separate computer" and are free for students and
the educational sector.
The GitHub codespaces are a cloud service that can be created anytime, with
a specific setup behind it (Dockerfile, settings.json, renv.lock, ...).
The machin
On Sat, 4 May 2024, Maciej Nasinski wrote:
Thank you all for the discussion. Then, we should promote "code awareness" and
count on the CRAN Team to continue their great work:)
What do you think about promoting containers?
Nowadays, containers are more accessible, with GitHub codespaces being
On Sat, 4 May 2024 08:09:28 +0200
Maciej Nasinski wrote:
> What do you think about promoting containers?
Containers have an attack surface too, have user experience problems
(how's Docker on Windows?) and may bring in more third-party code than
what you're trying to protect against (whole operat
Thank you all for the discussion.
Then, we should promote "code awareness" and count on the CRAN Team to
continue their great work:)
What do you think about promoting containers?
Nowadays, containers are more accessible, with GitHub codespaces being more
affordable (mostly free for students and th
On Fri, 3 May 2024, Ivan Krylov via R-package-devel wrote:
Dear Maciej Nasinski,
On Fri, 3 May 2024 11:37:57 +0200
Maciej Nasinski wrote:
I believe we must conduct a comprehensive review of all existing CRAN
packages.
Why now? R packages are already code. You don't need poisoned RDS fil
: Friday, May 3, 2024 5:25 PM
To: Ivan Krylov
Cc: r-package-devel@r-project.org
Subject: Re: [R-pkg-devel] Urgent Review of R Packages in Light of Recent RDS
Exploit
I agree with Ivan here. And more generally, R is a fully featured
programming language. You don't need just this one "
I agree with Ivan here. And more generally, R is a fully featured
programming language. You don't need just this one "exploit" (though, it
really does feel like a feature to some degree lol!) to be a bad guy with
R.
You can link to a pre-compiled binary (like my team makes for an R package
that co
On Fri, 3 May 2024 18:17:52 +0200
Maciej Nasinski wrote:
> I found the https://github.com/hrbrmstr/rdaradar solution and ran it
> on the 100 most downloaded R packages.
> Happily, all data/inst rda files are safe/non-exposed to RDS exploit
> (using the linked solution).
This is a bit useful - kn
Hey All,
Once more, Ivan, thank you for your great blog post.
I found the https://github.com/hrbrmstr/rdaradar solution and ran it on the
100 most downloaded R packages.
Happily, all data/inst rda files are safe/non-exposed to RDS exploit (using
the linked solution).
Please access my fork for the
Dear Ivan,
Your blog post is fantastic and I have already started to promote it on LinkedIn with
full credit to you.
KR
Maciej Nasinski
University of Warsaw
> On 3 May 2024, at 12:04, Maciej Nasinski wrote:
>
> Dear Ivan,
>
> Thank you for such a quick response.
> “It may be worth teaching people
Dear Ivan,
Thank you for such a quick response.
“It may be worth teaching people that, in general, R data files should be
as trusted as R code.” I totally agree and that is why I wrote that any code can
be dangerous if run without proper scrutiny.
A few LinkedIn posts generated most probably by Chat
Dear Maciej Nasinski,
On Fri, 3 May 2024 11:37:57 +0200
Maciej Nasinski wrote:
> I believe we must conduct a comprehensive review of all existing CRAN
> packages.
Why now? R packages are already code. You don't need poisoned RDS files
to wreak havoc using an R package.
On the other hand, R dat
I hope this message finds you well.
Following the recent announcement of a vulnerability related to the
RDS exploit in R
(https://hiddenlayer.com/research/r-bitrary-code-execution/).
Recent discussions on social media have raised concerns about the
credibility of the R language. Any code, includin