R Software

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

R Software

Evan Lindenberger
Hello,

My name is Evan Lindenberger and I work at the Johnson & Wales information security office. We received a request for R Software, but I have a few questions before we start using R, such as:

- What information does R collect?
- Does the R Foundation have a written information security policy (WISP)?
- Is R compliant with GDPR and ADA?

If someone could get back to me, that would be greatly appreciated.

Thank you.

        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: R Software

Rui Barradas
Hello,

I do not speak for the R Foundation but I believe you are not aware that
R is a computer language for statistics biostatistics and (scientific)
graphics.

- R itself does not collect data.
- Security policies are left to the users.
- You can program whatever you want since R is Turing equivalent, GDPR
or ADA compliant or not. It's up to the users/developers to comply to
laws. (I hope they do.)

Regarding this, R is pretty much the same as, for instance, C, C++,
Fortran, etc. And just like those languages R is used by companies and
other institutions, government or private, that enforce strong security
policies.


Hope this helps,

Rui Barradas

Às 17:32 de 18/02/2019, Evan Lindenberger escreveu:

> Hello,
>
> My name is Evan Lindenberger and I work at the Johnson & Wales information security office. We received a request for R Software, but I have a few questions before we start using R, such as:
>
> - What information does R collect?
> - Does the R Foundation have a written information security policy (WISP)?
> - Is R compliant with GDPR and ADA?
>
> If someone could get back to me, that would be greatly appreciated.
>
> Thank you.
>
> [[alternative HTML version deleted]]
>
> ______________________________________________
> [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.
>

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: R Software

Bert Gunter-2
To add to what Rui said, go here:
https://www.r-project.org/

Bert Gunter

"The trouble with having an open mind is that people keep coming along and
sticking things into it."
-- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )


On Mon, Feb 18, 2019 at 2:11 PM Rui Barradas <[hidden email]> wrote:

> Hello,
>
> I do not speak for the R Foundation but I believe you are not aware that
> R is a computer language for statistics biostatistics and (scientific)
> graphics.
>
> - R itself does not collect data.
> - Security policies are left to the users.
> - You can program whatever you want since R is Turing equivalent, GDPR
> or ADA compliant or not. It's up to the users/developers to comply to
> laws. (I hope they do.)
>
> Regarding this, R is pretty much the same as, for instance, C, C++,
> Fortran, etc. And just like those languages R is used by companies and
> other institutions, government or private, that enforce strong security
> policies.
>
>
> Hope this helps,
>
> Rui Barradas
>
> Às 17:32 de 18/02/2019, Evan Lindenberger escreveu:
> > Hello,
> >
> > My name is Evan Lindenberger and I work at the Johnson & Wales
> information security office. We received a request for R Software, but I
> have a few questions before we start using R, such as:
> >
> > - What information does R collect?
> > - Does the R Foundation have a written information security policy
> (WISP)?
> > - Is R compliant with GDPR and ADA?
> >
> > If someone could get back to me, that would be greatly appreciated.
> >
> > Thank you.
> >
> >       [[alternative HTML version deleted]]
> >
> > ______________________________________________
> > [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> > https://stat.ethz.ch/mailman/listinfo/r-help
> > PLEASE do read the posting guide
> http://www.R-project.org/posting-guide.html
> > and provide commented, minimal, self-contained, reproducible code.
> >
>
> ______________________________________________
> [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide
> http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.
>

        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: R Software

Evan Lindenberger
Hello!

Thanks for getting back to me, I just need to ask these question while reviewing a software for the school, but just to clarify, the R Foundation itself does not need to abide by GDPR?

Also, the WISP mentioned would be how the R Foundation handles internal information regarding the company.

Sincerely,
Evan Lindenberger

________________________________
From: Bert Gunter <[hidden email]>
Sent: Monday, February 18, 2019 5:45:07 PM
To: Rui Barradas
Cc: Evan Lindenberger; [hidden email]
Subject: Re: [R] R Software


WARNING: This email originated from outside of Johnson & Wales University.
Do not click links or open attachments unless you recognize the sender & are expecting the message.

To add to what Rui said, go here:
https://www.r-project.org/<https://clicktime.symantec.com/37vc7To4aANtsQh834ruXha7Vc?u=https%3A%2F%2Fwww.r-project.org%2F>

Bert Gunter

"The trouble with having an open mind is that people keep coming along and sticking things into it."
-- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )


On Mon, Feb 18, 2019 at 2:11 PM Rui Barradas <[hidden email]<mailto:[hidden email]>> wrote:
Hello,

I do not speak for the R Foundation but I believe you are not aware that
R is a computer language for statistics biostatistics and (scientific)
graphics.

- R itself does not collect data.
- Security policies are left to the users.
- You can program whatever you want since R is Turing equivalent, GDPR
or ADA compliant or not. It's up to the users/developers to comply to
laws. (I hope they do.)

Regarding this, R is pretty much the same as, for instance, C, C++,
Fortran, etc. And just like those languages R is used by companies and
other institutions, government or private, that enforce strong security
policies.


Hope this helps,

Rui Barradas

�s 17:32 de 18/02/2019, Evan Lindenberger escreveu:

> Hello,
>
> My name is Evan Lindenberger and I work at the Johnson & Wales information security office. We received a request for R Software, but I have a few questions before we start using R, such as:
>
> - What information does R collect?
> - Does the R Foundation have a written information security policy (WISP)?
> - Is R compliant with GDPR and ADA?
>
> If someone could get back to me, that would be greatly appreciated.
>
> Thank you.
>
>       [[alternative HTML version deleted]]
>
> ______________________________________________
> [hidden email]<mailto:[hidden email]> mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help<https://clicktime.symantec.com/3BUgvpFLdSWDRFa1j2F2m5m7Vc?u=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-help>
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html<https://clicktime.symantec.com/3Lh2L3VsqTjGFeFxPyQotrx7Vc?u=http%3A%2F%2Fwww.R-project.org%2Fposting-guide.html>
> and provide commented, minimal, self-contained, reproducible code.
>
______________________________________________
[hidden email]<mailto:[hidden email]> mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help<https://clicktime.symantec.com/3BUgvpFLdSWDRFa1j2F2m5m7Vc?u=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-help>
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html<https://clicktime.symantec.com/3Lh2L3VsqTjGFeFxPyQotrx7Vc?u=http%3A%2F%2Fwww.R-project.org%2Fposting-guide.html>
and provide commented, minimal, self-contained, reproducible code.

        [[alternative HTML version deleted]]


______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: R Software

Bert Gunter-2
Please stop these silly posts. R is open source software, and its open
source licensing requirements are explained on its website and referenced
links. As stated there, it comes with NO guarantees. The R Foundation is
*not* a company.


Bert Gunter

"The trouble with having an open mind is that people keep coming along and
sticking things into it."
-- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )


On Thu, Feb 21, 2019 at 7:26 AM Evan Lindenberger <[hidden email]>
wrote:

> Hello!
>
> Thanks for getting back to me, I just need to ask these question while
> reviewing a software for the school, but just to clarify, the R Foundation
> itself does not need to abide by GDPR?
>
> Also, the WISP mentioned would be how the R Foundation handles internal
> information regarding the company.
>
> Sincerely,
> Evan Lindenberger
> ------------------------------
> *From:* Bert Gunter <[hidden email]>
> *Sent:* Monday, February 18, 2019 5:45:07 PM
> *To:* Rui Barradas
> *Cc:* Evan Lindenberger; [hidden email]
> *Subject:* Re: [R] R Software
>
>
> *WARNING:* This email originated from *outside* of Johnson & Wales
> University.
> *Do not click links or open attachments* unless you recognize the sender
> & are expecting the message.
> To add to what Rui said, go here:
> https://www.r-project.org/
> <https://clicktime.symantec.com/37vc7To4aANtsQh834ruXha7Vc?u=https%3A%2F%2Fwww.r-project.org%2F>
>
> Bert Gunter
>
> "The trouble with having an open mind is that people keep coming along and
> sticking things into it."
> -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>
>
> On Mon, Feb 18, 2019 at 2:11 PM Rui Barradas <[hidden email]> wrote:
>
> Hello,
>
> I do not speak for the R Foundation but I believe you are not aware that
> R is a computer language for statistics biostatistics and (scientific)
> graphics.
>
> - R itself does not collect data.
> - Security policies are left to the users.
> - You can program whatever you want since R is Turing equivalent, GDPR
> or ADA compliant or not. It's up to the users/developers to comply to
> laws. (I hope they do.)
>
> Regarding this, R is pretty much the same as, for instance, C, C++,
> Fortran, etc. And just like those languages R is used by companies and
> other institutions, government or private, that enforce strong security
> policies.
>
>
> Hope this helps,
>
> Rui Barradas
>
> Às 17:32 de 18/02/2019, Evan Lindenberger escreveu:
> > Hello,
> >
> > My name is Evan Lindenberger and I work at the Johnson & Wales
> information security office. We received a request for R Software, but I
> have a few questions before we start using R, such as:
> >
> > - What information does R collect?
> > - Does the R Foundation have a written information security policy
> (WISP)?
> > - Is R compliant with GDPR and ADA?
> >
> > If someone could get back to me, that would be greatly appreciated.
> >
> > Thank you.
> >
> >       [[alternative HTML version deleted]]
> >
> > ______________________________________________
> > [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> > https://stat.ethz.ch/mailman/listinfo/r-help
> <https://clicktime.symantec.com/3BUgvpFLdSWDRFa1j2F2m5m7Vc?u=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-help>
> > PLEASE do read the posting guide
> http://www.R-project.org/posting-guide.html
> <https://clicktime.symantec.com/3Lh2L3VsqTjGFeFxPyQotrx7Vc?u=http%3A%2F%2Fwww.R-project.org%2Fposting-guide.html>
> > and provide commented, minimal, self-contained, reproducible code.
> >
>
> ______________________________________________
> [hidden email] mailing list -- To UNSUBSCRIBE and more, see
> https://stat.ethz.ch/mailman/listinfo/r-help
> <https://clicktime.symantec.com/3BUgvpFLdSWDRFa1j2F2m5m7Vc?u=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-help>
> PLEASE do read the posting guide
> http://www.R-project.org/posting-guide.html
> <https://clicktime.symantec.com/3Lh2L3VsqTjGFeFxPyQotrx7Vc?u=http%3A%2F%2Fwww.R-project.org%2Fposting-guide.html>
> and provide commented, minimal, self-contained, reproducible code.
>
>

        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: R Software

Jeff Newmiller
IANAL (nor an R Core developer) but I think GDPR applies to organizations, particularly ones that handle personally-identifiable data, presumably through the use of software. As R does not by design collect such data without being given explicit instructions by the user to do so and where to store it, it seems unlikely to me that this should be an issue. [1] However, R exists because of individuals and organizations that contribute to it, so anyone who needs to pursue this question should be communicating with those entities... e.g. [2][3][4], since this forum is primarily populated by users and is not really suitable for legal queries. Be warned that there are a lot of them when you consider the number of contributed packages (that you might elect to install but are separate from R) out there, and IMO it will be unlikely to be worth your while to bother them unless your review of their open source code reveals phone-home behaviour.

[1] https://termsfeed.com/blog/gdpr-open-source
[2] https://www.r-project.org/foundation/board.html
[3] https://mran.microsoft.com/contact
[4] https://www.rstudio.com/about/

On February 21, 2019 7:41:30 AM PST, Bert Gunter <[hidden email]> wrote:

>Please stop these silly posts. R is open source software, and its open
>source licensing requirements are explained on its website and
>referenced
>links. As stated there, it comes with NO guarantees. The R Foundation
>is
>*not* a company.
>
>
>Bert Gunter
>
>"The trouble with having an open mind is that people keep coming along
>and
>sticking things into it."
>-- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>
>
>On Thu, Feb 21, 2019 at 7:26 AM Evan Lindenberger
><[hidden email]>
>wrote:
>
>> Hello!
>>
>> Thanks for getting back to me, I just need to ask these question
>while
>> reviewing a software for the school, but just to clarify, the R
>Foundation
>> itself does not need to abide by GDPR?
>>
>> Also, the WISP mentioned would be how the R Foundation handles
>internal
>> information regarding the company.
>>
>> Sincerely,
>> Evan Lindenberger
>> ------------------------------
>> *From:* Bert Gunter <[hidden email]>
>> *Sent:* Monday, February 18, 2019 5:45:07 PM
>> *To:* Rui Barradas
>> *Cc:* Evan Lindenberger; [hidden email]
>> *Subject:* Re: [R] R Software
>>
>>
>> *WARNING:* This email originated from *outside* of Johnson & Wales
>> University.
>> *Do not click links or open attachments* unless you recognize the
>sender
>> & are expecting the message.
>> To add to what Rui said, go here:
>> https://www.r-project.org/
>>
><https://clicktime.symantec.com/37vc7To4aANtsQh834ruXha7Vc?u=https%3A%2F%2Fwww.r-project.org%2F>
>>
>> Bert Gunter
>>
>> "The trouble with having an open mind is that people keep coming
>along and
>> sticking things into it."
>> -- Opus (aka Berkeley Breathed in his "Bloom County" comic strip )
>>
>>
>> On Mon, Feb 18, 2019 at 2:11 PM Rui Barradas <[hidden email]>
>wrote:
>>
>> Hello,
>>
>> I do not speak for the R Foundation but I believe you are not aware
>that
>> R is a computer language for statistics biostatistics and
>(scientific)
>> graphics.
>>
>> - R itself does not collect data.
>> - Security policies are left to the users.
>> - You can program whatever you want since R is Turing equivalent,
>GDPR
>> or ADA compliant or not. It's up to the users/developers to comply to
>> laws. (I hope they do.)
>>
>> Regarding this, R is pretty much the same as, for instance, C, C++,
>> Fortran, etc. And just like those languages R is used by companies
>and
>> other institutions, government or private, that enforce strong
>security
>> policies.
>>
>>
>> Hope this helps,
>>
>> Rui Barradas
>>
>> Às 17:32 de 18/02/2019, Evan Lindenberger escreveu:
>> > Hello,
>> >
>> > My name is Evan Lindenberger and I work at the Johnson & Wales
>> information security office. We received a request for R Software,
>but I
>> have a few questions before we start using R, such as:
>> >
>> > - What information does R collect?
>> > - Does the R Foundation have a written information security policy
>> (WISP)?
>> > - Is R compliant with GDPR and ADA?
>> >
>> > If someone could get back to me, that would be greatly appreciated.
>> >
>> > Thank you.
>> >
>> >       [[alternative HTML version deleted]]
>> >
>> > ______________________________________________
>> > [hidden email] mailing list -- To UNSUBSCRIBE and more, see
>> > https://stat.ethz.ch/mailman/listinfo/r-help
>>
><https://clicktime.symantec.com/3BUgvpFLdSWDRFa1j2F2m5m7Vc?u=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-help>
>> > PLEASE do read the posting guide
>> http://www.R-project.org/posting-guide.html
>>
><https://clicktime.symantec.com/3Lh2L3VsqTjGFeFxPyQotrx7Vc?u=http%3A%2F%2Fwww.R-project.org%2Fposting-guide.html>
>> > and provide commented, minimal, self-contained, reproducible code.
>> >
>>
>> ______________________________________________
>> [hidden email] mailing list -- To UNSUBSCRIBE and more, see
>> https://stat.ethz.ch/mailman/listinfo/r-help
>>
><https://clicktime.symantec.com/3BUgvpFLdSWDRFa1j2F2m5m7Vc?u=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-help>
>> PLEASE do read the posting guide
>> http://www.R-project.org/posting-guide.html
>>
><https://clicktime.symantec.com/3Lh2L3VsqTjGFeFxPyQotrx7Vc?u=http%3A%2F%2Fwww.R-project.org%2Fposting-guide.html>
>> and provide commented, minimal, self-contained, reproducible code.
>>
>>
>
> [[alternative HTML version deleted]]
>
>______________________________________________
>[hidden email] mailing list -- To UNSUBSCRIBE and more, see
>https://stat.ethz.ch/mailman/listinfo/r-help
>PLEASE do read the posting guide
>http://www.R-project.org/posting-guide.html
>and provide commented, minimal, self-contained, reproducible code.

--
Sent from my phone. Please excuse my brevity.

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.