[Rd] linking to package directories broken in R >= 2.10 beta
Duncan Murdoch
murdoch at stats.uwo.ca
Sun Oct 18 22:28:52 CEST 2009
On 17/10/2009 1:57 PM, Thomas Petzoldt wrote:
> Duncan Murdoch wrote:
>> Thomas Petzoldt wrote:
>
> [...]
>
>>> This is fine, but in contrast to older versions (<= 2.9.2) no
>>> automatic index is created for the linked directory, so we now get:
>>>
>>>
>>> "URL /library/foo/examples/ was not found"
>>>
>>> but linking to *individual files* (e.g. examples/example.R) works as
>>> expected. We can, of course, add manually maintained index files
>>> but I would much prefer if a default index would be created for the
>>> directory if no index.html is found.
>>>
>> By "index" in R <= 2.9.2, you mean the default directory listing
>> produced by the web server, rather than something produced by R,
>> right?
>
> Yes, I mean the default directory listing produced by (most) web servers.
>
>> The R server does that now if the directory is named "doc", but not
>> for an arbitrary path. We are concerned about security: any user on
>> your system who can guess your port number can access your help
>> system, so we want to be sure that such users can't access private
>> files.
>
>
> Hmm, I see and have some tendency to understand that this may be an
> issue for certain multi-user systems. Looking into the svn log (and
> compiling R) it appears that the remaining possibilities where also
> regarded as security issue and are now locked down too.
>
> Well, I'm not yet completely convinced that this was a good idea.
>
> 1) It does not completely solve security issues; what is so different
> between the library/foo/doc and library/foo/examples ???
The doc directory is known to be visible. It might surprise someone if
arbitrary directories were visible, and readable by any user.
> 2) The change will introduce additional work for package authors
> that used internal links within their packages. I can, of course,
> reorganize everything below doc, e.g. /library/foo/doc/examples ... but
> this means that these things are even more hidden.
Why would someone know to look in .../examples? Just update whatever
hint you gave them to look there, and tell them to look in
.../doc/examples instead. I don't think it's likely that most people
would discover either directory without a hint somewhere. If they were
looking for examples, they'd look in the documented places, the Examples
section of man pages, or in the vignettes.
> 3) However, according to the changed R-Exts, it was obviously decided
> that this was necessary, so *I* will do the required reorganization.
I think it was not so much a decision that this was necessary, as that
it was prudent.
Duncan Murdoch
>
> I hope that other package authors accept this change of the rules too.
>
> Nevertheless, thank you very much for the new help system.
>
> Thomas P.
>
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
More information about the R-devel
mailing list