[R] are R packages safe?

Dimitri Liakhovitski dimitri.liakhovitski at gmail.com
Thu Dec 8 19:05:26 CET 2016


I just thought maybe there is something - about the process of
submitting packages or anything like that - that shows that at least
some diligence is being done to ensure that a given package is not
just a piece of malware from ISIS or Russia.
But if you, Bert, say it's not the case, then I'll believe you.

I've asked my question after I received the following email from a
partner company (that is a SaS company):
They are starting to work with R and we are delivering some R code to
them that will run in the background. I mentioned that certain R
packages have to be installed in order for the code to run and got
this:

"I’m also going to assume that our team will want to vet any package
you request. We’re big fans of open source and leveraging 3rd party
libraries but are keenly aware of the risks in “inviting strangers
into your house”."

This is why I asked.
So, I guess, my response should be - yes, please, go ahead and "vet"
them any way you want.
Thank you!

On Thu, Dec 8, 2016 at 12:55 PM, Bert Gunter <bgunter.4567 at gmail.com> wrote:
> 1. What does "Safe" mean???
>
> 2. From the R banner on startup:
>
> "R is free software and comes with ABSOLUTELY NO WARRANTY."
>
> Don't think it could be clearer than that!
>
> Cheers,
> Bert
>
>
> Bert Gunter
>
> "The trouble with having an open mind is that people keep coming along
> and sticking things into it."
> -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>
>
> On Thu, Dec 8, 2016 at 9:47 AM, Dimitri Liakhovitski
> <dimitri.liakhovitski at gmail.com> wrote:
>> Guys,
>>
>> suddenly, I am being asked for a proof that R packages that are not
>> "base" are safe. I've never been asked this question before.
>>
>> Is there some documentation on CRAN that discusses how it's ensured
>> that all "official" R packages have been "vetted" and are safe?
>>
>> Thanks a lot!
>>
>> --
>> Dimitri Liakhovitski



-- 
Dimitri Liakhovitski


