gaborcsardi, 28 days ago @_TimTaylor @brodriguesco The supply chain attack part is bogus, because a package can also have an .onLoad() function, or a library init hook in C, so package authors can still run code on your machine, when you load their package. Running code when loading an RDS is bad, OTOH.
@_TimTaylor @brodriguesco The supply chain attack part is bogus, because a package can also have an .onLoad() function, or a library init hook in C, so package authors can still run code on your machine, when you load their package.
Running code when loading an RDS is bad, OTOH.