[Rd] Proposal to limit Internet access during package load
Blätte, Andreas
@ndre@@@b|@ette @end|ng |rom un|-due@de
Tue Sep 27 18:42:29 CEST 2022
Dear all,
my apologies for a dull question. I think I do understand that unnoticed Internet access requires scrutiny and a more explicit approach.
But I am not sure how this would impact on the practice on many Windows machines to download static libraries from one of the rwinlib repositories? See https://github.com/rwinlib, an approach taken by quite a few packages (src/Makevars.win triggers tools/winlibs.R for downloading a static library).
I am asking because a package I maintain (RcppCWB) uses the approach, and am not sure whether and how the discussion has addressed this scenario. It may not be covered by Iñakis initial three scenario?
Kind regards, Andreas
Am 27.09.22, 10:15 schrieb "R-devel im Auftrag von Iñaki Ucar" <r-devel-bounces using r-project.org im Auftrag von iucar using fedoraproject.org>:
El mar., 27 sept. 2022 4:22, Dirk Eddelbuettel <edd using debian.org> escribió:
>
> Regarding 'system' libraries: Packages like stringi and nloptr download the
> source of, respectively, libicu or libnlopt and build a library _if_ the
> library is not found locally. If we outlaw this, more users may hit a
> brick
> wall because they cannot install system libraries (for lack of
> permissions),
> or don't know how to, or ... These facilities were not added to run afoul
> of
> best practices -- they were added to help actual users. Something to keep
> in
> mind.
Yes, but then IMO Internet access should be explicitly enabled by the user
with a flag. By default, it should be disabled and packages on CRAN should
install as is.
Iñaki
[[alternative HTML version deleted]]
______________________________________________
R-devel using r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
More information about the R-devel
mailing list