Requesting Assistance with a Backend Question

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Requesting Assistance with a Backend Question

Caughman, Vanessa (OATH)
Good Evening All,

A unit in my agency - The Office of Administrative Trials and Hearings - is requesting R programming software be made accessible within our network.

Because it is an Open Source application, our Cyber Security group has asked for the following information, about the application, be sought -

Does this application require any access, on the backend, when processing or performing analytics; to any parts of the Cloud environment.

I have read through a lot of the information on the R website and FAQs, but I am not finding any clear answers regarding whether there is any need or ability for the application to access the Cloud.

The unit is working in a Windows, networked environment.

Any assistance in answering these questions will assist in the decision to introduce the application into our networked environment.

Thank you and Kind Regards,

Vanessa

Vanessa J. Caughman-NeSmith
Certified Network Administrator (LAN/WAN)
Office of Administrative Trials and Hearings
100 Church Street, 12th Floor
New York, NY  10007
212.933.3028


        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
Reply | Threaded
Open this post in threaded view
|

Re: Requesting Assistance with a Backend Question

Ivan Krylov
On Tue, 24 Sep 2019 22:35:39 +0000
"Caughman, Vanessa (OATH)" <[hidden email]> wrote:

> Does this application require any access, on the backend, when
> processing or performing analytics; to any parts of the Cloud
> environment.

The answer is: no, but see the fine print.

Core R code (i.e. the one you can get by navigating to
https://cran.r-project.org/ and clicking "Download R for (operating
system)") does *not* use Internet services to perform analytics. A part
of core R is its package system (not used to perform analytics per se),
and its functions like install.packages() function do access CRAN
servers by default (though one could specify the repos = ... argument
to make it access local filesystem or another server of your choice)
to download packages of code provided by other users of R. Packages
installed from CRAN may want to access the Internet or execute
arbitrary code with local user access rights. Though there is a policy
[*] to keep things sane and a review process, mistakes may slip though.

Same goes for any kind of programming environment with a repository of
user-supplied code (Perl and CPAN, Python and PyPI, Rust and
crates.io, JavaScript and NPM...). There are also distributions of R
prepared by third parties, such as Anaconda R, Microsoft R Open, and
third party graphical front-ends for R, such as R-Studio, R commander,
RKWard, JGR, which are also outside of the scope of core R.

But one shouldn't trust the advice of J. Random Hacker from the
Internet to determine whether R is safe (subject to whatever definition
of "safe"). Since R is, indeed, free software, it is possible to
exercise the freedom to study how the program works by looking at the
source code [**] and conducting a security audit.

--
Best regards,
Ivan

[*] https://cran.r-project.org/web/packages/policies.html

[**] https://cloud.r-project.org/src/base/R-3/R-3.6.1.tar.gz

______________________________________________
[hidden email] mailing list -- To UNSUBSCRIBE and more, see
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.