Rebuilding all 100+ r-cran-* packages for R 2.10.0 + security question

[Dirk Eddelbuettel <edd@debian.org>]

[ I send the following to d-devel and d-science earlier today; Cyril
  responded suggesting that talk to -release re paragraphs 2 and 3, and to
  -security re paragraph 4.  Comments welcome, and CCs appreciated. --Dirk ]

On 16 October 2009 at 13:29, Dirk Eddelbuettel wrote:
| R 2.10.0, due out October 26, will switch to an internal html converter from
| the latex-alike Rd format coupled with an internal webserver.  See below for
| the section on 'Significant user-visible changes' in the NEWS file from
| 2.10.0 -- taken from the Oct 13 beta currently in unstable.
| 
| This means we "should" rebuild all packages or else they will upon load
| trigger a nagging message 'package foo was built under R version x.y.z and
| may not function properly' as well as possible malfunctions of the help
| system.  As we're only talking 100+ packages, this should work.
| 
| I would appreciate some pointers as to how I can milk out fancypants new mega
| databases to extracts all packages (matching r-cran-*; there are only one or
| two exceptions to that rules) and their maintainers ... and ideally even
| monitor most recent re-builds.  Anybody feel like sharing some hints with me
| off-line? 
| 
| Also, and the security minded folks may want to consider the second bullet
| point:  do we need to worry about this or not as it is just the loopback
| interface?  Seems fine to me but I figured I'd better ask :)
| 
| Please CC me on replies. 
| 
| Cheers, Dirk
| 
| 
| 
| 
| 
| 	**************************************************
| 	*						 *
| 	*	       2.10 SERIES NEWS			 *
| 	*						 *
| 	**************************************************
| 
| 
| 		CHANGES IN R VERSION 2.10.0
| 
| 
| SIGNIFICANT USER-VISIBLE CHANGES
| 
|     o	Package help is now converted from Rd by the R-based converters
| 	that were first introduced in 2.9.0.  This means
| 
| 	- Packages that were installed by R-devel after 2009-08-09
| 	  should not be used with earlier versions of R, and most
| 	  aspects of package help (including the runnable examples)
| 	  will be missing if they are so used.
| 
| 	- Text, HTML and latex help and examples for packages
| 	  installed under the new system are converted on-demand from
| 	  stored parsed Rd files.  (Conversions stored in packages
| 	  installed under R < 2.10.0 are used if no parsed Rd files
| 	  are found.  It is recommended that such packages be
| 	  re-installed.)
| 
| 
|     o	HTML help is now generated dynamically using an HTTP server
| 	running in the R process and listening on the loopback
| 	interface.
| 
| 	- Those worried about security implications of such a server
| 	  can disable it by setting the environment variable
| 	  R_DISABLE_HTTPD to a non-empty value.  This disables
| 	  help.start() and HTML help (so text help is shown instead).
| 
| 	- The Java/Javascript search engine has been replaced by an
| 	  HTML interface to help.search().  help.start() no longer has
| 	  an argument 'searchEngine' as it is no longer needed.
| 
| 	- The HTML help can now locate cross-references of the form
|           \link[pkg]{foo} and \link[pkg:foo]{bar} where 'foo' is an
|           alias in the package, rather than the documented (basename
|           of a) filename (since the documentation has been much
|           ignored).
| 
| 
| 
| 
| -- 
| Three out of two people have difficulties with fractions.
| 
| 
| -- 
| To UNSUBSCRIBE, email to debian-science-request@lists.debian.org
| with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| 

-- 
Three out of two people have difficulties with fractions.