Right, I am sorry, I did not realize the security aspect here. I guess I unconsciously treated CRAN package authors as a trusted source.
Thanks for the correction and clarification, and to CRAN for implementing these checks. :) G. On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch <murdoch.dun...@gmail.com> wrote: > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > I can't comment for CRAN, but generally, shorteners are considered security > > risk so regardless of the 301 handling I think flagging those is a good > > idea. Also I think it is particularly bad to use them in manuals because it > > hides the target so the user has no idea what hey will get. > > I agree, and we do have \href{}{} in Rd files and similar in other > formats for giving text of a link different than the URL if the URL is > inconveniently long. There's still a bit of a security issue though: > the built in help browser (at least in MacOS) doesn't show the full URL > when you hover over the link, as most browsers do. So one could have > > \href{https://disney.org}{https://horrible.web.site} > > Duncan Murdoch > > > > > > Cheers, > > Simon > > > > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <csardi.ga...@gmail.com> wrote: > >> > >> Dear all, > >> > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand > >> the intent, I think this is unfortunate, because several URL shortener > >> services use 301 redirects, and often a shorter URL is actually better > >> in a manual page than a longer one that can be several lines long in > >> the console and also potentially truncated in the PDF manual. > >> > >> Some example shorteners that are flagged: > >> > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), > >>> "README") > >>> tools:::check_url_db(db) > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) > >> From: README > >> Status: 200 > >> Message: OK > >> > >> URL: https://t.co/mtXLLfYOYE (moved to > >> https://www.bbc.co.uk/news/blogs-trending-47975564) > >> From: README > >> Status: 200 > >> Message: OK > >> > >> ______________________________________________ > >> R-devel@r-project.org mailing list > >> https://stat.ethz.ch/mailman/listinfo/r-devel > >> > > > > ______________________________________________ > > R-devel@r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel