Re: R-alpha: R and Linux RedHat-4.1

Martyn Plummer (
Wed, 26 Mar 1997 10:53:35 +0100

Message-Id: <>
Date: Wed, 26 Mar 1997 10:53:35 +0100
To: <>
From: Martyn Plummer <>
Subject: Re: R-alpha: R and Linux RedHat-4.1

At 07:20 26/03/97, wrote:

>>>>>> Thomas Lumley writes:
>> On Tue, 25 Mar 1997, Kurt Hornik wrote:
>>> > with a PGP signature.  I'm just tossing out the idea that it may be a
>>> > good idea to determine a way in which "official" R binary
>>> > distributions or add-on libraries could have digital signatures on
>>> > them.  
>>> Hmm ... I like that idea although we haven't put PGP signatures on any
>>> of our Debian packages yet.  Are you thinking of providing one package
>>> per R package?
>> I also like the idea of PGP signatures in principle.  On the other
>> hand as a non-resident alien in the USA I am one of the few people who
>> can't legally obtain either version of PGP, so it's a bit academic to
>> me.
>You're right ... I think that e.g. in France everything concerned with
>PGP is forbidden.  Martyn?

I didn't know this, but you're quite correct! It's about as illegal
as "walking around with a scud missile under your arm". However, by
virtue of my diplomatic status here in France I might be able use it
(I work for the WHO. Technically I'm not on French soil as I type this).
I'll have to ask the Administration. 

For those people who can't use pgp it would be nice if they could
have some confidence that binary packages had already been checked
by someone who _can_ use it.  One solution would be to require that
binary packages and add-ons are uploaded to the CRAN archive with a
separate signature file. The package/signature file pair  can then
be checked before being moved out of the "incoming" directory.  Mirror
sites can run a cron job to check the integrity of the packages on a
regular basis.

This also benefits people who don't know about, or can't be bothered
to use pgp.


r-testers mailing list -- Read
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: