[R] What might be the security issues from installing R?

Barry Rowlingson b.rowlingson at lancaster.ac.uk
Tue Dec 29 00:37:07 CET 2009

On Mon, Dec 28, 2009 at 6:23 PM, Peterson, Eric B. <ebpeterson at usbr.gov> wrote:

> My guess is that we may run into problems due to R being open-source, leading to a potential perception that the code might be poorly controlled. This could be further complicated by the need for downloading additional open-source packages.  At present, I am not aware of any open source software that has passed through the approval process, though I am also not aware of any policy against open-source.

 The 'Core' of R is code committed (and therefore 'controlled') by a
smallish group of  people:


 The real problem would come when you start adding additional packages
from CRAN or R-forge or some other source. These are written by
hundreds or possibly thousands of people.

 I've not heard of any malicious code ever being found in an R
package, but maybe one day I'll sneak a back-door server into one of
mine and see how long before it gets spotted. I don't think any formal
review of CRAN package code is ever done (someone may prove me wrong
here, but there's zillions of lines of code in CRAN now).


More information about the R-help mailing list