I don't have an opinion on the URL shorteners, but how about the original question? Redirection can be extremely useful in general. Shortening URLs is only one of its possible applications. FWIW, CRAN uses (303) redirect itself, e.g., https://cran.r-project.org/package=MASS is redirected to https://cran.r-project.org/web/packages/MASS/index.html Should these "canonical" CRAN links be disallowed in packages, too? Just as another example, https://cran.r-project.org/bin/windows/base/release.html is redirected to the latest Windows installer of R (through the <meta> tag). If the intent of the new URL redirect check is to disallow using URL shorteners like bit.ly or nyti.ms, that may be fair, but it it is to disallow using any URLs that are redirected, I think this CRAN policy may be worth a reconsideration. Regards, Yihui -- https://yihui.org On Thu, Sep 17, 2020 at 3:26 AM G?bor Cs?rdi <csardi.gabor at gmail.com> wrote:> > Right, I am sorry, I did not realize the security aspect here. I guess > I unconsciously treated CRAN package authors as a trusted source. > > Thanks for the correction and clarification, and to CRAN for > implementing these checks. :) > > G. > > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch > <murdoch.duncan at gmail.com> wrote: > > > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > > I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get. > > > > I agree, and we do have \href{}{} in Rd files and similar in other > > formats for giving text of a link different than the URL if the URL is > > inconveniently long. There's still a bit of a security issue though: > > the built in help browser (at least in MacOS) doesn't show the full URL > > when you hover over the link, as most browsers do. So one could have > > > > \href{https://disney.org}{https://horrible.web.site} > > > > Duncan Murdoch > > > > > > > > > > Cheers, > > > Simon > > > > > > > > >> On Sep 17, 2020, at 5:35 AM, G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: > > >> > > >> Dear all, > > >> > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand > > >> the intent, I think this is unfortunate, because several URL shortener > > >> services use 301 redirects, and often a shorter URL is actually better > > >> in a manual page than a longer one that can be several lines long in > > >> the console and also potentially truncated in the PDF manual. > > >> > > >> Some example shorteners that are flagged: > > >> > > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README") > > >>> tools:::check_url_db(db) > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) > > >> From: README > > >> Status: 200 > > >> Message: OK > > >> > > >> URL: https://t.co/mtXLLfYOYE (moved to > > >> https://www.bbc.co.uk/news/blogs-trending-47975564) > > >> From: README > > >> Status: 200 > > >> Message: OK > > >> > > >> ______________________________________________ > > >> R-devel at r-project.org mailing list > > >> https://stat.ethz.ch/mailman/listinfo/r-devel > > >> > > > > > > ______________________________________________ > > > R-devel at r-project.org mailing list > > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > > > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel
Isn't the whole concept of DOI basically link-shortening/redirecting? For example, this link https://doi.org/10.2134/agronj2016.07.0395 redirects to https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395 As a side note, I got so fed up with CRAN check complaints about (perfectly valid) re-directs that I refuse to use the \url{} tag anymore. Kevin On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie <xie at yihui.name> wrote:> I don't have an opinion on the URL shorteners, but how about the > original question? Redirection can be extremely useful in general. > Shortening URLs is only one of its possible applications. FWIW, CRAN > uses (303) redirect itself, e.g., > https://cran.r-project.org/package=MASS is redirected to > https://cran.r-project.org/web/packages/MASS/index.html Should these > "canonical" CRAN links be disallowed in packages, too? Just as another > example, https://cran.r-project.org/bin/windows/base/release.html is > redirected to the latest Windows installer of R (through the <meta> > tag). > > If the intent of the new URL redirect check is to disallow using URL > shorteners like bit.ly or nyti.ms, that may be fair, but it it is to > disallow using any URLs that are redirected, I think this CRAN policy > may be worth a reconsideration. > > Regards, > Yihui > -- > https://yihui.org > > > On Thu, Sep 17, 2020 at 3:26 AM G?bor Cs?rdi <csardi.gabor at gmail.com> > wrote: > > > > Right, I am sorry, I did not realize the security aspect here. I guess > > I unconsciously treated CRAN package authors as a trusted source. > > > > Thanks for the correction and clarification, and to CRAN for > > implementing these checks. :) > > > > G. > > > > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch > > <murdoch.duncan at gmail.com> wrote: > > > > > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > > > I can't comment for CRAN, but generally, shorteners are considered > security risk so regardless of the 301 handling I think flagging those is a > good idea. Also I think it is particularly bad to use them in manuals > because it hides the target so the user has no idea what hey will get. > > > > > > I agree, and we do have \href{}{} in Rd files and similar in other > > > formats for giving text of a link different than the URL if the URL is > > > inconveniently long. There's still a bit of a security issue though: > > > the built in help browser (at least in MacOS) doesn't show the full URL > > > when you hover over the link, as most browsers do. So one could have > > > > > > \href{https://disney.org}{https://horrible.web.site} > > > > > > Duncan Murdoch > > > > > > > > > > > > > > Cheers, > > > > Simon > > > > > > > > > > > >> On Sep 17, 2020, at 5:35 AM, G?bor Cs?rdi <csardi.gabor at gmail.com> > wrote: > > > >> > > > >> Dear all, > > > >> > > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand > > > >> the intent, I think this is unfortunate, because several URL > shortener > > > >> services use 301 redirects, and often a shorter URL is actually > better > > > >> in a manual page than a longer one that can be several lines long in > > > >> the console and also potentially truncated in the PDF manual. > > > >> > > > >> Some example shorteners that are flagged: > > > >> > > > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), > "README") > > > >>> tools:::check_url_db(db) > > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) > > > >> From: README > > > >> Status: 200 > > > >> Message: OK > > > >> > > > >> URL: https://t.co/mtXLLfYOYE (moved to > > > >> https://www.bbc.co.uk/news/blogs-trending-47975564) > > > >> From: README > > > >> Status: 200 > > > >> Message: OK > > > >> > > > >> ______________________________________________ > > > >> R-devel at r-project.org mailing list > > > >> https://stat.ethz.ch/mailman/listinfo/r-devel > > > >> > > > > > > > > ______________________________________________ > > > > R-devel at r-project.org mailing list > > > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > > > > > > > > ______________________________________________ > > R-devel at r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel >-- Kevin Wright [[alternative HTML version deleted]]
Me too. I have changed some valid URLs in \url{} to \verb{} just to avoid these check NOTEs. I do appreciate the check for the validity of URLs in packages, especially those dead links (404), but discouraging URLs with status code other than 200 (such as 301) feels like overdoing the job. After I "hide" links from R CMD check with \verb{} , it will be hard to know if these links are still valid in the future. Regards, Yihui On Tue, Sep 22, 2020 at 1:17 PM Kevin Wright <kw.stat at gmail.com> wrote:> > Isn't the whole concept of DOI basically link-shortening/redirecting? > > For example, this link > https://doi.org/10.2134/agronj2016.07.0395 > redirects to > https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395 > > As a side note, I got so fed up with CRAN check complaints about (perfectly valid) re-directs that I refuse to use the \url{} tag anymore. > > Kevin > > > On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie <xie at yihui.name> wrote: >> >> I don't have an opinion on the URL shorteners, but how about the >> original question? Redirection can be extremely useful in general. >> Shortening URLs is only one of its possible applications. FWIW, CRAN >> uses (303) redirect itself, e.g., >> https://cran.r-project.org/package=MASS is redirected to >> https://cran.r-project.org/web/packages/MASS/index.html Should these >> "canonical" CRAN links be disallowed in packages, too? Just as another >> example, https://cran.r-project.org/bin/windows/base/release.html is >> redirected to the latest Windows installer of R (through the <meta> >> tag). >> >> If the intent of the new URL redirect check is to disallow using URL >> shorteners like bit.ly or nyti.ms, that may be fair, but it it is to >> disallow using any URLs that are redirected, I think this CRAN policy >> may be worth a reconsideration. >> >> Regards, >> Yihui >> -- >> https://yihui.org >> >> >> On Thu, Sep 17, 2020 at 3:26 AM G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: >> > >> > Right, I am sorry, I did not realize the security aspect here. I guess >> > I unconsciously treated CRAN package authors as a trusted source. >> > >> > Thanks for the correction and clarification, and to CRAN for >> > implementing these checks. :) >> > >> > G. >> > >> > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch >> > <murdoch.duncan at gmail.com> wrote: >> > > >> > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: >> > > > I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get. >> > > >> > > I agree, and we do have \href{}{} in Rd files and similar in other >> > > formats for giving text of a link different than the URL if the URL is >> > > inconveniently long. There's still a bit of a security issue though: >> > > the built in help browser (at least in MacOS) doesn't show the full URL >> > > when you hover over the link, as most browsers do. So one could have >> > > >> > > \href{https://disney.org}{https://horrible.web.site} >> > > >> > > Duncan Murdoch >> > > >> > > >> > > > >> > > > Cheers, >> > > > Simon >> > > > >> > > > >> > > >> On Sep 17, 2020, at 5:35 AM, G?bor Cs?rdi <csardi.gabor at gmail.com> wrote: >> > > >> >> > > >> Dear all, >> > > >> >> > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand >> > > >> the intent, I think this is unfortunate, because several URL shortener >> > > >> services use 301 redirects, and often a shorter URL is actually better >> > > >> in a manual page than a longer one that can be several lines long in >> > > >> the console and also potentially truncated in the PDF manual. >> > > >> >> > > >> Some example shorteners that are flagged: >> > > >> >> > > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README") >> > > >>> tools:::check_url_db(db) >> > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) >> > > >> From: README >> > > >> Status: 200 >> > > >> Message: OK >> > > >> >> > > >> URL: https://t.co/mtXLLfYOYE (moved to >> > > >> https://www.bbc.co.uk/news/blogs-trending-47975564) >> > > >> From: README >> > > >> Status: 200 >> > > >> Message: OK >> > > >> >> > > >> ______________________________________________ >> > > >> R-devel at r-project.org mailing list >> > > >> https://stat.ethz.ch/mailman/listinfo/r-devel >> > > >> >> > > > >> > > > ______________________________________________ >> > > > R-devel at r-project.org mailing list >> > > > https://stat.ethz.ch/mailman/listinfo/r-devel >> > > > >> > > >> > >> > ______________________________________________ >> > R-devel at r-project.org mailing list >> > https://stat.ethz.ch/mailman/listinfo/r-devel >> >> ______________________________________________ >> R-devel at r-project.org mailing list >> https://stat.ethz.ch/mailman/listinfo/r-devel > > > > -- > Kevin Wright