On 17/10/2009 1:57 PM, Thomas Petzoldt wrote:
Duncan Murdoch wrote:
Thomas Petzoldt wrote:
[...]
This is fine, but in contrast to older versions (<= 2.9.2) no
automatic index is created for the linked directory, so we now get:
"URL /library/foo/examples/ was not found"
but linking to *individual files* (e.g. examples/example.R) works as
expected. We can, of course, add manually maintained index files
but I would much prefer if a default index would be created for the
directory if no index.html is found.
By "index" in R <= 2.9.2, you mean the default directory listing
produced by the web server, rather than something produced by R,
right?
Yes, I mean the default directory listing produced by (most) web servers.
The R server does that now if the directory is named "doc", but not
for an arbitrary path. We are concerned about security: any user on
your system who can guess your port number can access your help
system, so we want to be sure that such users can't access private
files.
Hmm, I see and have some tendency to understand that this may be an
issue for certain multi-user systems. Looking into the svn log (and
compiling R) it appears that the remaining possibilities where also
regarded as security issue and are now locked down too.
Well, I'm not yet completely convinced that this was a good idea.
1) It does not completely solve security issues; what is so different
between the library/foo/doc and library/foo/examples ???
The doc directory is known to be visible. It might surprise someone if
arbitrary directories were visible, and readable by any user.
2) The change will introduce additional work for package authors
that used internal links within their packages. I can, of course,
reorganize everything below doc, e.g. /library/foo/doc/examples ... but
this means that these things are even more hidden.
Why would someone know to look in .../examples? Just update whatever
hint you gave them to look there, and tell them to look in
.../doc/examples instead. I don't think it's likely that most people
would discover either directory without a hint somewhere. If they were
looking for examples, they'd look in the documented places, the Examples
section of man pages, or in the vignettes.
3) However, according to the changed R-Exts, it was obviously decided
that this was necessary, so *I* will do the required reorganization.
I think it was not so much a decision that this was necessary, as that
it was prudent.
Duncan Murdoch
I hope that other package authors accept this change of the rules too.
Nevertheless, thank you very much for the new help system.
Thomas P.
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
