ropensci / essurvey

Download data from the European Social Survey
https://docs.ropensci.org/essurvey

Removed from CRAN? #51

Closed briatte closed 3 years ago

briatte commented 3 years ago

Package ‘essurvey’ was removed from the CRAN repository.

Formerly available versions can be obtained from the archive.

Archived on 2021-02-27 for policy violation.

Curious to know what policy we violated…

cimentadaj commented 3 years ago

Yeah, essurvey is facing a rough patch at the moment. Maybe others can help to figure this out.

It seems that https://www.europeansocialsurvey.org/ updated their security certificates to a very new certificate (something that was published maybe a week ago). This causes the following problem:

curl -v https://europeansocialsurvey.org/
*   Trying 129.177.90.95:443...
* TCP_NODELAY set
* Connected to europeansocialsurvey.org (129.177.90.95) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Pretty much no one can make requests to their website unless they have their local certificates updated to ESS's new certificates. Chrome and Firefox come bundled up with their own certificates and they take care of updating them automatically. But CRAN, Travis, GH actions haven't updated them. This means that all functions from essurvey fail when called in any of these services, raising errors in tests, examples, vignettes and the like. I will definitely resubmit essurvey to CRAN but I still don't know how to approach this problem. Some have suggested that we convince CRAN to update their certificates, so we might have to go that way.

I will reach out to rOpenSci, in case they've experienced this before and know a workaround. Any ideas? Can you actually try to make the curl request and see if you experience the same?

Bisaloo commented 3 years ago

As far as I can tell, it's not a problem of the certificate being too new for R (as opposed to web browsers). The certificate chain is misconfigured and this is what's causing problems: https://whatsmychaincert.com/?europeansocialsurvey.org

Browsers are pretty clever and work around this problem but it's still a bug on ESS's side.

Do you have any way to report it to them?
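
Added example, not part of the thread or of essurvey: a throwaway three-tier PKI built with the openssl CLI, showing how a client that trusts only the root rejects a leaf when the intermediate is not supplied, with the same "unable to get local issuer certificate" message curl printed above. It assumes the misconfiguration is a missing intermediate; the names lab-root, lab-inter and lab-leaf and all files are constructed.

```shell
#!/usr/bin/env bash
# Constructed lab PKI (lab-root -> lab-inter -> lab-leaf); nothing here
# contacts a real server. Requires the openssl command-line tool.

make_lab() {  # $1 = empty working directory; the shell stays in it afterwards
  cd "$1" || return 1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=lab-$n" \
      -keyout "$n.key" -out "$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root, intermediate signed by root, leaf signed by intermediate.
  openssl x509 -req -in root.csr -signkey root.key -days 2 \
    -extfile ca.ext -out root.pem 2>/dev/null &&
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -set_serial 2 \
    -days 2 -extfile ca.ext -out inter.pem 2>/dev/null &&
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -set_serial 3 \
    -days 2 -out leaf.pem 2>/dev/null
}

# A non-browser client: trusts only root.pem and uses only what the server sent.
# $1 = optional PEM file of intermediates sent alongside the leaf.
verify_leaf() {
  if [ -n "$1" ]; then
    openssl verify -CAfile root.pem -untrusted "$1" leaf.pem 2>&1
  else
    openssl verify -CAfile root.pem leaf.pem 2>&1
  fi
}

LAB=$(mktemp -d)
make_lab "$LAB" || { echo "lab setup failed" >&2; exit 1; }
echo "--- server sends leaf only (incomplete chain)"
verify_leaf || true
echo "--- server sends leaf + intermediate (complete chain)"
verify_leaf inter.pem
```

The second call corresponds to the server-side fix: the intermediate is served together with the leaf, so clients do not need to fetch or cache it themselves.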

briatte commented 3 years ago

> As far as I can tell, it's not a problem of the certificate being too new for R (as opposed to web browsers). The certificate chain is misconfigured and this is what's causing problems: https://whatsmychaincert.com/?europeansocialsurvey.org
>
> Browsers are pretty clever and work around this problem but it's still a bug on ESS's side.
>
> Do you have any way to report it to them?

If @cimentadaj agrees, I can do that, copying him to the email. I'm not sure if I still know anyone at ESS, but I can figure it out.

@Bisaloo — do you believe that I should email them the result of the "Generate chain" download button right at the bottom of the Web page you linked?

Bisaloo commented 3 years ago

I would copy the link to the website (https://whatsmychaincert.com/?europeansocialsurvey.org) instead of sending just the fix.

This problem might be completely new to some people so I think it's nice to have the small explanation at the beginning, the diagnostic, and then the solution.

cimentadaj commented 3 years ago

@briatte, go ahead, that would be great. Feel free to cc me. @djhurio might know someone as well.

djhurio commented 3 years ago

I have sent an e-mail to the ESS media relations officer Stefan Swift. He should know someone responsible for the ESS website.

djhurio commented 3 years ago

SSL chain has been fixed. Looks good now. https://whatsmychaincert.com/?www.europeansocialsurvey.org

cimentadaj commented 3 years ago

Thank you @djhurio, @briatte and @Bisaloo. essurvey is now passing and back to normal. Resubmitting to CRAN within a day.

cimentadaj commented 3 years ago

essurvey is now back on CRAN!