Hi Simon,
Thanks for following up.
I presumed that this was a production issue of some nature, as you had
established the pattern of digitally signing the binaries some time ago.
Thanks again!
Marc
> On Mar 14, 2019, at 9:36 AM, Simon Urbanek
> wrote:
>
> Marc,
>
> thanks, I'm glad that
I agree more or less with both of you in this take!
I really appreciate Apple effort for keep users safe and this is one the
reasons I'm choosing Apple.
However, one not always can install signed software and that doesn't mean you
are directly at risk. You just have to know what are you doing
My point of objection was the disabling all checks in a blanket manner. Since
this forum is read by many people, not everyone may realize the very harmful
implications of that single command.
If you know what you're doing, that's fine, but then you also know that you can
simply use Open and ackn
Marc,
the same is achieved by the hash published by CRAN.
Though, of course, if the developers have a developer account, there is
nothing wrong with using it and even less with reporting the lack of use
of it :-)-O
el
On 2019-03-14 21:49 , Marc Schwartz via R-SIG-Mac wrote:
> Hi,
>
> I am awa
Not Really.
I have been loading R binaries for almost 10 years from CRAN, if not
longer. If the SHA is ok, I don't care about Apple's Nanny mechanism.
And, it still warns on the first run, whether you really want to run a
program downloaded from the Internet.
The correct statement wouldhave b
The version from mac.R-project.org installs fine. CRAN master still has the
unsigned version (recognizable by an MD5 hash starting with fff) at this point.
-pd
> On 14 Mar 2019, at 14:36 , Simon Urbanek wrote:
>
> Marc,
>
> thanks, I'm glad that at least someone pays attention and checks the
[Resending - screenshot was too big]
Actually, the OS does that even if we don't pay attention, so apparently people
just haven't gotten around to upgrade and we haven't had new Mac users
installing 3.5.3 yet. (To a first approximation, that is - some will of course
know how to bypass the signa
Very, very, very bad idea - never ever do that unless you're really happy to
infest your machine with nice viruses and ransomware.
Cheers,
Simon
> On Mar 14, 2019, at 8:43 AM, Dr Eberhard W Lisse wrote:
>
> Try from the commandline
>
> sudo spctl --master-disable
>
> and then install the pa
Marc,
thanks, I'm glad that at least someone pays attention and checks the signature
;). I'm surprised my machine didn't raise a flag - I did test the image locally
from the master URL before releasing.
I have now updated the package to be signed, it is identical content, just
signed. You can
Hi,
I am aware of the workaround, both from the CLI and via System Preferences.
The question is more about confirming that the binary is valid and from a
source that is trusted, which is the point of digitally signing binaries as a
trusted Apple developer.
Thanks,
Marc
> On Mar 14, 2019, at
Try from the commandline
sudo spctl --master-disable
and then install the package
el
Sent from Dr Lisse's iPad mini 4
On 14 Mar 2019, 21:18 +0900, Marc Schwartz via R-SIG-Mac
, wrote:
> Hi,
>
> I just tried to install the R 3.5.3 macOS binary from CRAN.
>
> The SHA hash matches what is on CRAN
Hi,
I just tried to install the R 3.5.3 macOS binary from CRAN.
The SHA hash matches what is on CRAN, but I get an unknown developer message
when I try to install.
I get:
pkgutil --check-signature R-3.5.3.pkg
Package "R-3.5.3.pkg":
Status: no signature
I rechecked the 3.5.2 binary and do
12 matches
Mail list logo