[R-pkg-devel] False positive antivirus reports on package vignettes
On Tue, 18 Feb 2025 at 14:05, Dirk Eddelbuettel <edd at debian.org> wrote:
> Something that had happened to the Rcpp package in the past (but seemingly went away on its own?) is now apparently hitting package RcppArmadillo. I received private email from the CRAN maintainers reporting, without offering a fix as there seems to be none, that one of the two pdf vignettes (which I happen to create as a shallow Rnw -> pdf wrapper around a pre-made pdf, here that inner pdf had not changed in five years, sigh ...) now upsets one of these (idiotic, but hey, I am sure that at least they are very expensive) anti-virus checkers.
>
> Has anybody figured out a workaround? I see withdrawing the pdf vignette as a (simple but bad) route. Or should I just change the (internal, binary) pdf payload of the file (hey, one can always update the .bib to newer versions of the cited packages) and hope for the best? Any other route?

What happened in Rcpp is that the antivirus were detecting an old version of ghostscript that could produce potentially vulnerable outputs. We solved it by rebuilding the vignettes with a newer version of ghostscript.

This is most likely the same issue. I can rebuild them and send a PR your way if you want.

Best,
Iñaki

> Help or tips would be appreciated.
>
> Best, Dirk
>
> --
> dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org
>
> ______________________________________________
> R-package-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel

Iñaki Úcar
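
A quick way to find which PDFs in a package tree were written by an old Ghostscript before rebuilding them, as the reply above suggests. This is an added example, not code from the thread or from Rcpp; it reads the Producer string Ghostscript records in its output, and `MIN_VERSION` and all function names are assumptions.

```python
import re
import sys
from pathlib import Path

# Assumption: the oldest Ghostscript release you accept; the thread names none.
MIN_VERSION = (10, 0, 0)

# Matches the Producer string Ghostscript writes into the Info dictionary or
# the XMP packet, e.g. "/Producer(GPL Ghostscript 9.26)".
_PRODUCER = re.compile(rb"Ghostscript\s+(\d+(?:\.\d+){1,2})")


def ghostscript_versions(pdf_bytes):
    """Return the set of Ghostscript versions named in the PDF, as int tuples."""
    found = set()
    for m in _PRODUCER.finditer(pdf_bytes):
        parts = [int(p) for p in m.group(1).decode("ascii").split(".")]
        found.add(tuple(parts + [0] * (3 - len(parts))))  # pad 9.26 -> (9, 26, 0)
    return found


def needs_rebuild(pdf_bytes, minimum=MIN_VERSION):
    """True if any Producer string names a Ghostscript older than minimum."""
    return any(v < minimum for v in ghostscript_versions(pdf_bytes))


def scan(root):
    """Yield (path, versions) for every PDF under root with an old Producer."""
    for path in sorted(Path(root).rglob("*.pdf")):
        data = path.read_bytes()
        if needs_rebuild(data):
            yield path, sorted(ghostscript_versions(data))


# Constructed samples: minimal Info dictionary fragments, not real vignettes.
SAMPLE_OLD = b"%PDF-1.4\n1 0 obj\n<</Producer(GPL Ghostscript 9.26)>>\nendobj\n"
SAMPLE_NEW = b"%PDF-1.7\n1 0 obj\n<</Producer(GPL Ghostscript 10.04.0)>>\nendobj\n"

if __name__ == "__main__":
    # Usage: python check_pdf_producer.py path/to/package
    for path, versions in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: Ghostscript {versions}; rebuild with a newer release")
```

This is a triage check on raw bytes: a PDF whose metadata sits inside compressed object streams will not match, and a clean result says nothing about what a given scanner keys on.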