I would like to start a discussion about a recent minor security bug I found in R 4.1.2. Its minor because it is only in certain versions of R and prevents you from using certain versions of R. However, I am unsure how the R source code is organized or maintained, so I cannot compare to find the cause of the bug.
Can you help me better understand how the R source code is organized?
How can I compare base R source across versions in order to help find a bug? (4.1.1 vs. 4.1.2)
Location of the source code:
https://svn.r-project.org/R/
Relevant Background:
Basically the anti-virus bug has resurfaced in 4.1.2, but with a whole new variant that prevents even the use of non-privileged user from starting up R. It now blocks internet.dll as well and does it regardless of where or R is installed. Here are some references to past iterations of the bug:
https://forum.posit.co/t/potential-solution-for-when-anti-virus-prevents-moving-a-temporary-installation/39576
https://forum.posit.co/t/rstudio-viewer-not-working-failed-to-load-resource-the-server-responded-with-a-status-of-403-forbidden/64982
https://forum.posit.co/t/anti-virus-quarantine-files-when-installing-packages/70058
I learned from research R source code found in https://svn.r-project.org/R/ now has github: https://github.com/wch/r-source . I even think I found files behind the bug internet.c and the folder "internet" . However, I was not clear to me immediately the line of code causing the Antivirus to misfire.
Now what I have noticed from a fresh install is that certain versions work and certain versions do not. The bug is in version 4.0.0 and version 4.1.2; but its is not in version 4.1.1 or version 4.0.5. So I am pretty sure by comparing between versions I can find the line or line(s) of code and then set up a proper discussion. But I cannot tell which GitHub branch corresponds to which version of the code.
And that where I am stuck... I cannot make heads or tales of what it means by tags vs. branches vs. trunk.
Starting a discussion about this bug is important to me because it goes directly to the heart of this article:
https://support.rstudio.com/hc/en-us/articles/360042593974-R-and-R-Package-Security
I just need a little help figure out how the core R package is organized. Which is why I am reaching to to anyone with SVN or GitHub experience to help.