Dear all, the new CRAN URL checks flag HTTP 301 redirects. While I understand the intent, I think this is unfortunate, because several URL shortener services use 301 redirects, and often a shorter URL is actually better in a manual page than a longer one that can be several lines long in the console and also potentially truncated in the PDF manual. Some example shorteners that are flagged:> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README") > tools:::check_url_db(db)URL: https://nyti.ms (moved to https://www.nytimes.com/) From: README Status: 200 Message: OK URL: https://t.co/mtXLLfYOYE (moved to https://www.bbc.co.uk/news/blogs-trending-47975564) From: README Status: 200 Message: OK
I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get. Cheers, Simon> On Sep 17, 2020, at 5:35 AM, G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: > > Dear all, > > the new CRAN URL checks flag HTTP 301 redirects. While I understand > the intent, I think this is unfortunate, because several URL shortener > services use 301 redirects, and often a shorter URL is actually better > in a manual page than a longer one that can be several lines long in > the console and also potentially truncated in the PDF manual. > > Some example shorteners that are flagged: > >> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README") >> tools:::check_url_db(db) > URL: https://nyti.ms (moved to https://www.nytimes.com/) > From: README > Status: 200 > Message: OK > > URL: https://t.co/mtXLLfYOYE (moved to > https://www.bbc.co.uk/news/blogs-trending-47975564) > From: README > Status: 200 > Message: OK > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel >
On 16/09/2020 4:51 p.m., Simon Urbanek wrote:> I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.I agree, and we do have \href{}{} in Rd files and similar in other formats for giving text of a link different than the URL if the URL is inconveniently long. There's still a bit of a security issue though: the built in help browser (at least in MacOS) doesn't show the full URL when you hover over the link, as most browsers do. So one could have \href{https://disney.org}{https://horrible.web.site} Duncan Murdoch> > Cheers, > Simon > > >> On Sep 17, 2020, at 5:35 AM, G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: >> >> Dear all, >> >> the new CRAN URL checks flag HTTP 301 redirects. While I understand >> the intent, I think this is unfortunate, because several URL shortener >> services use 301 redirects, and often a shorter URL is actually better >> in a manual page than a longer one that can be several lines long in >> the console and also potentially truncated in the PDF manual. >> >> Some example shorteners that are flagged: >> >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README") >>> tools:::check_url_db(db) >> URL: https://nyti.ms (moved to https://www.nytimes.com/) >> From: README >> Status: 200 >> Message: OK >> >> URL: https://t.co/mtXLLfYOYE (moved to >> https://www.bbc.co.uk/news/blogs-trending-47975564) >> From: README >> Status: 200 >> Message: OK >> >> ______________________________________________ >> R-devel at r-project.org mailing list >> https://stat.ethz.ch/mailman/listinfo/r-devel >> > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel >