About six years ago when I visited Bioconductor for the first time in Seattle, I asked them a question that I had for long: Why is source("https://bioconductor.org/biocLite.R") the recommended way to install Bioconductor? Unfortunately, I don’t remember their answer now, but I guess I was not convinced at that time anyway. Sourcing an R script directly from the web was an obviously very bad idea in my eyes. If you open this script, you will see that it further sources another script from bioconductor.org (and even tries to fall back to the insecure HTTP URL if HTTPS fails), which in turn sources yet another script. If the web server is compromised and someone injects something like system('rm -rf /') in these scripts, users will be in deep deep trouble immediately.
Yesterday I saw Stephen Turner’s tweet about the new BiocManager package, and he recommended that we stop using the biocLite() function. While we should definitely thank the security team at Bioconductor for keeping the server secure for several years, I feel the source() way of installing Bioconductor should be retired as soon as possible.
Donate
As a freelancer (currently working as a contractor) and a dad of three kids, I truly appreciate your donation to support my writing and open-source software development! Your contribution helps me cope with financial uncertainty better, so I can spend more time on producing high-quality content and software. You can make a donation through methods below.
-
Venmo:
@yihui_xie, or Zelle:xie@yihui.name -
Paypal
-
If you have a Paypal account, you can follow the link https://paypal.me/YihuiXie or find me on Paypal via my email
xie@yihui.name. Please choose the payment type as “Family and Friends” (instead of “Goods and Services”) to avoid extra fees. -
If you don’t have Paypal, you may donate through this link via your debit or credit card. Paypal will charge a fee on my side.
-
-
Other ways:
WeChat Pay (微信支付:谢益辉) Alipay (支付宝:谢益辉) 
When sending money, please be sure to add a note “gift” or “donation” if possible, so it won’t be treated as my taxable income but a genuine gift. Needless to say, donation is completely voluntary and I appreciate any amount you can give.
Please feel free to email me if you prefer a different way to give. Thank you very much!
I’ll give back a significant portion of the donations to the open-source community and charities. For the record, I received about $30,000 in total (before tax) in 2024-25, and gave back about $15,000 (after tax).