[Rd] virus and malicious code

Bert Gunter gunter.berton at gene.com
Mon Aug 6 16:31:43 CEST 2012


... and note additionally, as per section 1.5.3, "Windows External
Software" of the "Writing R Extensions" manual:

"Note that CRAN does not accept submissions of precompiled binaries
due to security
concerns,and does not allow binary executables in source packages."

-- Cheers,
Bert

On Mon, Aug 6, 2012 at 6:39 AM, Uwe Ligges
<ligges at statistik.tu-dortmund.de> wrote:
>
>
> On 06.08.2012 15:09, David L Lorenz wrote:
>>
>> Hi,
>>    A question has come up within a user group about the possibility of
>> viruses or other malicious code being embedded within any package served
>> from CRAN. How much checking is done to guard against this?
>
>
> Of course, CRAN cannot guarantee that packages are free of malicious code,
> otherwise manual inspection of the code of almost 4000 packages with dozens
> of updates and new submissions a day would be necessary.
>
> CRAN does some checks on the precompiled binaries for viruses, but again
> cannot give guarantees. Please use the normal precautions with downloaded
> executables.
>
>
> Best,
> Uwe Ligges
>
>
>
>> I do not
>> expect any kind of response about picking up R code from any other source,
>> like gitHub. Thanks.
>
>
>
>> Dave
>>         [[alternative HTML version deleted]]
>>
>> ______________________________________________
>> R-devel at r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>
>
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel



-- 

Bert Gunter
Genentech Nonclinical Biostatistics

Internal Contact Info:
Phone: 467-7374
Website:
http://pharmadevelopment.roche.com/index/pdb/pdb-functional-groups/pdb-biostatistics/pdb-ncb-home.htm



More information about the R-devel mailing list