[R] are R packages safe?

Marc Schwartz marc_schwartz at me.com
Thu Dec 8 19:04:09 CET 2016

> On Dec 8, 2016, at 11:47 AM, Dimitri Liakhovitski <dimitri.liakhovitski at gmail.com> wrote:
> Guys,
> suddenly, I am being asked for a proof that R packages that are not
> '"base" are safe. I've never been asked this question before.
> Is there some documentation on CRAN that discusses how it's ensured
> that all "official" R packages have been "vetted" and are safe?
> Thanks a lot!
> -- 
> Dimitri Liakhovitski


You are going to need to define "safe".

Also, note that the notion of "official R packages" is not defined, other than for those that bear the copyright of The R Foundation (Base + Recommended), as per:

  https://www.r-project.org/certification.html <https://www.r-project.org/certification.html>

That packages are available on CRAN does not infer, implicitly or explicitly, that the packages are endorsed/certified/validated by any party.

You can review the CRAN Policy here:

  https://cran.r-project.org/web/packages/policies.html <https://cran.r-project.org/web/packages/policies.html>.

which provides a standardized framework for CRAN submissions.

Does "safe" mean that they are virus/malware free?

Does "safe" mean that they are extensively tested/validated, bug free and yield documented evidence of consistent and correct results, possibly having also been tested for "edge cases"?


Marc Schwartz

	[[alternative HTML version deleted]]

More information about the R-help mailing list