similar to: https://cran.r-project.org/src/base-prerelease/ is not updating

Not sure who is the webadmin for https://cran.r-project.org/sources.html, so posting it here: I just noticed it's not straightforward to find the Subversion URL for the R source code. A natural search would be to go to https://cran.r-project.org/, then click 'Source code' to get to https://cran.r-project.org/sources.html. That page does mention "Subversion tree", but it

To be clear, this not an issue in the libraries nor R, the certificates on the server were simply wrong. So, no, this has nothing to do with R. Cheers, Simon > On Jun 10, 2020, at 10:45 AM, Henrik Bengtsson <henrik.bengtsson at gmail.com> wrote: > > Was this resolved upstream or is this something that R should/could > fix? If the latter, could this also go into the

Btw. it would be also possible to create a macOS R installer that embeds a static or dynamic libcurl with Secure Transport, instead of the Apple default LibreSSL. This might be too late for R 4.0.1, I don't know. Gabor On Sun, May 31, 2020 at 4:09 PM G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: > > On Sat, May 30, 2020 at 11:32 PM G?bor Cs?rdi <csardi.gabor at

Was this resolved upstream or is this something that R should/could fix? If the latter, could this also go into the "emergency release" R 4.0.2 that is scheduled for 2020-06-22? My $.02 /Henrik On Sun, May 31, 2020 at 8:13 AM G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: > > Btw. it would be also possible to create a macOS R installer that > embeds a static or

You are making a very strong assumption that finding an alternative chain of trust is safe. I'd argue it's not - it means that an adversary could manipulate the chain in a way to trust it instead of the declared chain and thus subverting it. In fact switching to OpenSSL would create a serious security hole here - in particular since it installs a separate trust store which it is far more

On Sat, May 30, 2020 at 11:32 PM G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: [...] > Btw. why does this affect openssl? That root cert was published in > 2010, surely openssl should know about it? Maybe libcurl / openssl > only uses the chain provided by the server? Without trying to use an > alternate chain? Yes, indeed it seems that old OpenSSL versions cannot handle

My (also not expert) understanding is that there is nothing insecure about alternative certificate chains at all. All browsers and macOS's built in SSL library (secure transport) support them properly. OpenSSL and LibreSSL were/are simply broken. This was not such a big issue so far, but now that some old long lived certificates are expiring, it is increasingly an issue. FWIW it is possible

Hi win-builder certificate expired on Aug 15. My student on the other side of the world is also seeing this problem so I think it needs to be fixed... > download.file("https://win-builder.r-project.org", "/tmp/wb.html") trying URL 'https://win-builder.r-project.org' Error in download.file("https://win-builder.r-project.org", "/tmp/wb.html") :

I just noticed the 4.9-20030914-PRERELEASE and made a set of installation boot floppies from it to see which of the devices in my new PC the PRERELEASE would support. It wedged hard during the boot autoconfiguration monologue, just after typing these lines on the console: atapci0: <Intel ICH5 ATA100 controller> port 0xf000-0xf00f,0-0x3,0-0x7,0-0x3,0-0x7 irq 0 at device 31.1 on pci0 ata0:

Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file issue with 4.0.1 beta: > download.file("https://www.r-project.org", tempfile()) trying URL 'https://www.r-project.org' Error in download.file("https://www.r-project.org", tempfile()) : cannot open URL 'https://www.r-project.org' In addition: Warning

My test results for the LLVM 2.2 prerelease. === Q. Target === * Mac OS X 10.4.11 * 2 GHz Intel Core 2 Duo * MacBook % uname -a Darwin macbook.local 8.11.1 Darwin Kernel Version 8.11.1: Wed Oct 10 18:23:28 PDT 2007; root:xnu-792.25.20~1/RELEASE_I386 i386 i386 === Q. How you built the release === * objDir != srcDir * Release build * llvm-gcc-4.2 from source

Yes and no... At least as I understand it (Disclaimer: There are things I am pretty sure that I don't understand properly, somewhere in the Bermuda triangle beween CA bundles, TLS protocols, and Server-side settings), there are two sided to this: One is that various *.r-project.org servers got hit by a fumble where a higher-up certificate in the chain of trust expired before the

# A tibble: 13 x 1 site <chr> 1 beta.r-project.org 2 bugs.r-project.org 3 cran-archive.r-project.org 4 cran.r-project.org 5 developer.r-project.org 6 ess.r-project.org 7 ftp.cran.r-project.org 8 journal.r-project.org 9 r-project.org 10 svn.r-project.org 11 user2011.r-project.org 12 www.cran.r-project.org 13 www.r-project.org is the whole list b/c of the wildcard cert. On

Hi y''all, A prerelease of mongrel_cluster 0.1.3 is available for testing with the Mongrel 0.3.13 prerelease. This release contains bug fixes and adds a Ruby script for managing all applications on a server with a single command. To install: gem install mongrel_cluster --source=http:// railsmachine.rubyforge.org/releases/ Changes: * Suppress output from mongrel_rails. * Added a

Hello! FreeBSD tarkhil.titl.ru 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #5: Tue Mar 14 14:58:53 MSK 2006 root@tarkhil.titl.ru:/usr/obj/usr/src/sys/ARMADA i386 encountered problems with USB-to-IDE box and NEC CD-RW/DVD drive. Controller /dev/usb3: addr 1: high speed, self powered, config 1, EHCI root hub(0x0000), NEC(0x0000), rev 1.00 port 1 powered port 2 addr 2: high speed, self powered,

Dear Tanya: > You also have a few CBE failures that I am not seeing. What version > of xcode do you have installed? Xcode 2.4.1 > Can you send me the following files? > SingleSource/Regression/C/Output/2008-01-07-LongDouble.* > SingleSource/Regression/C/Output/PR1386.* OK, I attached those files (llvm-2.2-test-output.tar.gz) Best regards, 2008/1/30, Tanya Lattner <tonic at

As I said, there is stuff that I don't understand in here.... (including why browsers apparently do trust alternative chains) -pd > On 10 Jun 2020, at 01:53 , Simon Urbanek <simon.urbanek at R-project.org> wrote: > > You are making a very strong assumption that finding an alternative chain of trust is safe. I'd argue it's not - it means that an adversary could

On 30/05/2020 5:23 p.m., Bob Rudis wrote: > I've updated the dashboard (https://rud.is/r-project-cert-status/) > script and my notifier script to account for the entire chain in each > cert. You never posted which certificate has expired. Your dashboard shows they're all valid, but the download still fails, presumably because something not shown has expired. Hopefully someone

Anyone know if mount_smbfs is broken in 6.1, I'm trying to run this: "mount_smbfs -I 192.168.1.2 //nbritton@192.168.1.2/music2 /mnt/network/music/" And then it asks for my password, I type it in, and then I get this error: "mount_smbfs: unable to open connection: syserr = Authentication error" I've had this same problem on another 6.1 box too... I can run this same

Thanks for testing the release. Overall the test results look decent with a couple exceptions. You also have a few CBE failures that I am not seeing. What version of xcode do you have installed? Can you send me the following files? SingleSource/Regression/C/Output/2008-01-07-LongDouble.* SingleSource/Regression/C/Output/PR1386.* Thanks, Tanya On Jan 26, 2008, at 6:43 AM, Takanori Ishikawa