On Mon, 13 May 2024 09:54:27 -0500 (CDT) luke-tierney--- via R-devel <r-devel@r-project.org> wrote:
> Looks like I added that warning 22 years ago, so that should be enough > notice :-). I'll look into removing it now. Dear Luke, I've got a somewhat niche use case: as a way of protecting myself against rogue *.rds files and vulnerabilities in the C code, I've been manually unserializing "plain" data objects (without anything executable), including environments, in R [1]. I see that SET_ENCLOS() is already commented as "not API and probably should not be <...> used". Do you think there is a way to recreate an environment, taking the REFSXP entries into account, without `parent.env<-`? Would you recommend to abandon the folly of unserializing environments manually? -- Best regards, Ivan [1] https://codeberg.org/aitap/unserializeData/src/commit/33d72705c1ee265349b3e369874ce4b47f9cd358/R/unserialize.R#L289-L313 ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
