[R-pkg-devel] False positive antivirus reports on package vignettes
Iñaki Ucar
|uc@r @end|ng |rom |edor@project@org
Tue Feb 18 15:14:10 CET 2025
On Tue, 18 Feb 2025 at 14:05, Dirk Eddelbuettel <edd using debian.org> wrote:
>
>
> Something that had happened to the Rcpp package in the past (but seemingly
> went away on its own ?) is now apparently hitting package RcppArmadillo.
>
> I received private email from the CRAN maintainers reporting, without
> offering a fix as there seems to be none, that one of the two pdf vignettes
> (which I happen to create as a shallow Rnw -> pdf wrapper around a pre-made
> pdf, here that inner pdf had not changed in five years, sigh ...) now upsets
> one of these (idiotic, but hey, I am sure that at least they are very
> expensive) anti-virus checkers.
>
> Has anybody figured out a workaround? I see withdrawing the pdf vignette as
> (simple but bad) route. Or should I just change the (internal, binary) pdf
> payload of the file (hey, one can always update the .bib to newer versions of
> the cited packages) and hope for the best? Any other route?
What happened in Rcpp is that the antivirus were detecting an old
version of ghostscript that could produce potentially vulnerable
outputs. We solved it by rebuilding the vignettes with a newer version
of ghostscript. This is most likely the same issue. I can rebuild them
and send a PR your way if you want.
Best,
Iñaki
>
> Help or tips would be appreciated.
>
> Best, Dirk
>
> --
> dirk.eddelbuettel.com | @eddelbuettel | edd using debian.org
>
> ______________________________________________
> R-package-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel
>
--
Iñaki Úcar
More information about the R-package-devel
mailing list