New URL redirect checks

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

New URL redirect checks

Gábor Csárdi
Dear all,

the new CRAN URL checks flag HTTP 301 redirects. While I understand
the intent, I think this is unfortunate, because several URL shortener
services use 301 redirects, and often a shorter URL is actually better
in a manual page than a longer one that can be several lines long in
the console and also potentially truncated in the PDF manual.

Some example shorteners that are flagged:

> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
> tools:::check_url_db(db)
URL: https://nyti.ms (moved to https://www.nytimes.com/)
From: README
Status: 200
Message: OK

URL: https://t.co/mtXLLfYOYE (moved to
https://www.bbc.co.uk/news/blogs-trending-47975564)
From: README
Status: 200
Message: OK

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Simon Urbanek
I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.

Cheers,
Simon


> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]> wrote:
>
> Dear all,
>
> the new CRAN URL checks flag HTTP 301 redirects. While I understand
> the intent, I think this is unfortunate, because several URL shortener
> services use 301 redirects, and often a shorter URL is actually better
> in a manual page than a longer one that can be several lines long in
> the console and also potentially truncated in the PDF manual.
>
> Some example shorteners that are flagged:
>
>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
>> tools:::check_url_db(db)
> URL: https://nyti.ms (moved to https://www.nytimes.com/)
> From: README
> Status: 200
> Message: OK
>
> URL: https://t.co/mtXLLfYOYE (moved to
> https://www.bbc.co.uk/news/blogs-trending-47975564)
> From: README
> Status: 200
> Message: OK
>
> ______________________________________________
> [hidden email] mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Duncan Murdoch-2
On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
> I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.

I agree, and we do have \href{}{} in Rd files and similar in other
formats for giving text of a link different than the URL if the URL is
inconveniently long.  There's still a bit of a security issue though:
the built in help browser (at least in MacOS) doesn't show the full URL
when you hover over the link, as most browsers do.  So one could have

\href{https://disney.org}{https://horrible.web.site}

Duncan Murdoch


>
> Cheers,
> Simon
>
>
>> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]> wrote:
>>
>> Dear all,
>>
>> the new CRAN URL checks flag HTTP 301 redirects. While I understand
>> the intent, I think this is unfortunate, because several URL shortener
>> services use 301 redirects, and often a shorter URL is actually better
>> in a manual page than a longer one that can be several lines long in
>> the console and also potentially truncated in the PDF manual.
>>
>> Some example shorteners that are flagged:
>>
>>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
>>> tools:::check_url_db(db)
>> URL: https://nyti.ms (moved to https://www.nytimes.com/)
>> From: README
>> Status: 200
>> Message: OK
>>
>> URL: https://t.co/mtXLLfYOYE (moved to
>> https://www.bbc.co.uk/news/blogs-trending-47975564)
>> From: README
>> Status: 200
>> Message: OK
>>
>> ______________________________________________
>> [hidden email] mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>
>
> ______________________________________________
> [hidden email] mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Bob Rudis
 I was going to offer my opine on security risks but some prominent R folks
tend to woefully inaccurately knee-jerk/react badly to my 25+ year expert
opinion on such things and create childish website verbiage to show their
lack of maturity (who knew random developers can become security experts
overnight with no training or experience?).

Allowing shorteners is a terrible, woefully insecure idea. I fully support
CRAN’s position.

I’d likely counsel any folks looking to move to R and CRAN packages to seek
Scala or Julia ecosystems instead if it were to be overturned.

But, hey, what do I know.

-boB

On Sep 16, 2020 at 5:50:52 PM, Duncan Murdoch <[hidden email]>
wrote:

> On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
>
> I can't comment for CRAN, but generally, shorteners are considered
> security risk so regardless of the 301 handling I think flagging those is a
> good idea. Also I think it is particularly bad to use them in manuals
> because it hides the target so the user has no idea what hey will get.
>
>
> I agree, and we do have \href{}{} in Rd files and similar in other
> formats for giving text of a link different than the URL if the URL is
> inconveniently long.  There's still a bit of a security issue though:
> the built in help browser (at least in MacOS) doesn't show the full URL
> when you hover over the link, as most browsers do.  So one could have
>
> \href{https://disney.org}{https://horrible.web.site}
>
> Duncan Murdoch
>
>
>
> Cheers,
>
> Simon
>
>
>
> > On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]>
> wrote:
>
> >
>
> > Dear all,
>
> >
>
> > the new CRAN URL checks flag HTTP 301 redirects. While I understand
>
> > the intent, I think this is unfortunate, because several URL shortener
>
> > services use 301 redirects, and often a shorter URL is actually better
>
> > in a manual page than a longer one that can be several lines long in
>
> > the console and also potentially truncated in the PDF manual.
>
> >
>
> > Some example shorteners that are flagged:
>
> >
>
> >> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"),
> "README")
>
> >> tools:::check_url_db(db)
>
> > URL: https://nyti.ms (moved to https://www.nytimes.com/)
>
> > From: README
>
> > Status: 200
>
> > Message: OK
>
> >
>
> > URL: https://t.co/mtXLLfYOYE (moved to
>
> > https://www.bbc.co.uk/news/blogs-trending-47975564)
>
> > From: README
>
> > Status: 200
>
> > Message: OK
>
> >
>
> > ______________________________________________
>
> > [hidden email] mailing list
>
> > https://stat.ethz.ch/mailman/listinfo/r-devel
>
> >
>
>
> ______________________________________________
>
> [hidden email] mailing list
>
> https://stat.ethz.ch/mailman/listinfo/r-devel
>
>
>
> ______________________________________________
> [hidden email] mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>

        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Gábor Csárdi
In reply to this post by Duncan Murdoch-2
Right, I am sorry, I did not realize the security aspect here. I guess
I unconsciously treated CRAN package authors as a trusted source.

Thanks for the correction and clarification, and to CRAN for
implementing these checks. :)

G.

On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
<[hidden email]> wrote:

>
> On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
> > I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.
>
> I agree, and we do have \href{}{} in Rd files and similar in other
> formats for giving text of a link different than the URL if the URL is
> inconveniently long.  There's still a bit of a security issue though:
> the built in help browser (at least in MacOS) doesn't show the full URL
> when you hover over the link, as most browsers do.  So one could have
>
> \href{https://disney.org}{https://horrible.web.site}
>
> Duncan Murdoch
>
>
> >
> > Cheers,
> > Simon
> >
> >
> >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]> wrote:
> >>
> >> Dear all,
> >>
> >> the new CRAN URL checks flag HTTP 301 redirects. While I understand
> >> the intent, I think this is unfortunate, because several URL shortener
> >> services use 301 redirects, and often a shorter URL is actually better
> >> in a manual page than a longer one that can be several lines long in
> >> the console and also potentially truncated in the PDF manual.
> >>
> >> Some example shorteners that are flagged:
> >>
> >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
> >>> tools:::check_url_db(db)
> >> URL: https://nyti.ms (moved to https://www.nytimes.com/)
> >> From: README
> >> Status: 200
> >> Message: OK
> >>
> >> URL: https://t.co/mtXLLfYOYE (moved to
> >> https://www.bbc.co.uk/news/blogs-trending-47975564)
> >> From: README
> >> Status: 200
> >> Message: OK
> >>
> >> ______________________________________________
> >> [hidden email] mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-devel
> >>
> >
> > ______________________________________________
> > [hidden email] mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-devel
> >
>

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Yihui Xie-2
I don't have an opinion on the URL shorteners, but how about the
original question? Redirection can be extremely useful in general.
Shortening URLs is only one of its possible applications. FWIW, CRAN
uses (303) redirect itself, e.g.,
https://cran.r-project.org/package=MASS is redirected to
https://cran.r-project.org/web/packages/MASS/index.html Should these
"canonical" CRAN links be disallowed in packages, too? Just as another
example, https://cran.r-project.org/bin/windows/base/release.html is
redirected to the latest Windows installer of R (through the <meta>
tag).

If the intent of the new URL redirect check is to disallow using URL
shorteners like bit.ly or nyti.ms, that may be fair, but it it is to
disallow using any URLs that are redirected, I think this CRAN policy
may be worth a reconsideration.

Regards,
Yihui
--
https://yihui.org


On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi <[hidden email]> wrote:

>
> Right, I am sorry, I did not realize the security aspect here. I guess
> I unconsciously treated CRAN package authors as a trusted source.
>
> Thanks for the correction and clarification, and to CRAN for
> implementing these checks. :)
>
> G.
>
> On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
> <[hidden email]> wrote:
> >
> > On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
> > > I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.
> >
> > I agree, and we do have \href{}{} in Rd files and similar in other
> > formats for giving text of a link different than the URL if the URL is
> > inconveniently long.  There's still a bit of a security issue though:
> > the built in help browser (at least in MacOS) doesn't show the full URL
> > when you hover over the link, as most browsers do.  So one could have
> >
> > \href{https://disney.org}{https://horrible.web.site}
> >
> > Duncan Murdoch
> >
> >
> > >
> > > Cheers,
> > > Simon
> > >
> > >
> > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]> wrote:
> > >>
> > >> Dear all,
> > >>
> > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand
> > >> the intent, I think this is unfortunate, because several URL shortener
> > >> services use 301 redirects, and often a shorter URL is actually better
> > >> in a manual page than a longer one that can be several lines long in
> > >> the console and also potentially truncated in the PDF manual.
> > >>
> > >> Some example shorteners that are flagged:
> > >>
> > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
> > >>> tools:::check_url_db(db)
> > >> URL: https://nyti.ms (moved to https://www.nytimes.com/)
> > >> From: README
> > >> Status: 200
> > >> Message: OK
> > >>
> > >> URL: https://t.co/mtXLLfYOYE (moved to
> > >> https://www.bbc.co.uk/news/blogs-trending-47975564)
> > >> From: README
> > >> Status: 200
> > >> Message: OK
> > >>
> > >> ______________________________________________
> > >> [hidden email] mailing list
> > >> https://stat.ethz.ch/mailman/listinfo/r-devel
> > >>
> > >
> > > ______________________________________________
> > > [hidden email] mailing list
> > > https://stat.ethz.ch/mailman/listinfo/r-devel
> > >
> >
>
> ______________________________________________
> [hidden email] mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Kevin Wright-5
Isn't the whole concept of DOI basically link-shortening/redirecting?

For example, this link
https://doi.org/10.2134/agronj2016.07.0395
redirects to
https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395

As a side note, I got so fed up with CRAN check complaints about (perfectly
valid) re-directs that I refuse to use the \url{} tag anymore.

Kevin


On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie <[hidden email]> wrote:

> I don't have an opinion on the URL shorteners, but how about the
> original question? Redirection can be extremely useful in general.
> Shortening URLs is only one of its possible applications. FWIW, CRAN
> uses (303) redirect itself, e.g.,
> https://cran.r-project.org/package=MASS is redirected to
> https://cran.r-project.org/web/packages/MASS/index.html Should these
> "canonical" CRAN links be disallowed in packages, too? Just as another
> example, https://cran.r-project.org/bin/windows/base/release.html is
> redirected to the latest Windows installer of R (through the <meta>
> tag).
>
> If the intent of the new URL redirect check is to disallow using URL
> shorteners like bit.ly or nyti.ms, that may be fair, but it it is to
> disallow using any URLs that are redirected, I think this CRAN policy
> may be worth a reconsideration.
>
> Regards,
> Yihui
> --
> https://yihui.org
>
>
> On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi <[hidden email]>
> wrote:
> >
> > Right, I am sorry, I did not realize the security aspect here. I guess
> > I unconsciously treated CRAN package authors as a trusted source.
> >
> > Thanks for the correction and clarification, and to CRAN for
> > implementing these checks. :)
> >
> > G.
> >
> > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
> > <[hidden email]> wrote:
> > >
> > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
> > > > I can't comment for CRAN, but generally, shorteners are considered
> security risk so regardless of the 301 handling I think flagging those is a
> good idea. Also I think it is particularly bad to use them in manuals
> because it hides the target so the user has no idea what hey will get.
> > >
> > > I agree, and we do have \href{}{} in Rd files and similar in other
> > > formats for giving text of a link different than the URL if the URL is
> > > inconveniently long.  There's still a bit of a security issue though:
> > > the built in help browser (at least in MacOS) doesn't show the full URL
> > > when you hover over the link, as most browsers do.  So one could have
> > >
> > > \href{https://disney.org}{https://horrible.web.site}
> > >
> > > Duncan Murdoch
> > >
> > >
> > > >
> > > > Cheers,
> > > > Simon
> > > >
> > > >
> > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]>
> wrote:
> > > >>
> > > >> Dear all,
> > > >>
> > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand
> > > >> the intent, I think this is unfortunate, because several URL
> shortener
> > > >> services use 301 redirects, and often a shorter URL is actually
> better
> > > >> in a manual page than a longer one that can be several lines long in
> > > >> the console and also potentially truncated in the PDF manual.
> > > >>
> > > >> Some example shorteners that are flagged:
> > > >>
> > > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"),
> "README")
> > > >>> tools:::check_url_db(db)
> > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/)
> > > >> From: README
> > > >> Status: 200
> > > >> Message: OK
> > > >>
> > > >> URL: https://t.co/mtXLLfYOYE (moved to
> > > >> https://www.bbc.co.uk/news/blogs-trending-47975564)
> > > >> From: README
> > > >> Status: 200
> > > >> Message: OK
> > > >>
> > > >> ______________________________________________
> > > >> [hidden email] mailing list
> > > >> https://stat.ethz.ch/mailman/listinfo/r-devel
> > > >>
> > > >
> > > > ______________________________________________
> > > > [hidden email] mailing list
> > > > https://stat.ethz.ch/mailman/listinfo/r-devel
> > > >
> > >
> >
> > ______________________________________________
> > [hidden email] mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-devel
>
> ______________________________________________
> [hidden email] mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>


--
Kevin Wright

        [[alternative HTML version deleted]]

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

Yihui Xie-2
Me too. I have changed some valid URLs in \url{} to \verb{} just to
avoid these check NOTEs. I do appreciate the check for the validity of
URLs in packages, especially those dead links (404), but discouraging
URLs with status code other than 200 (such as 301) feels like
overdoing the job. After I "hide" links from R CMD check with \verb{}
, it will be hard to know if these links are still valid in the
future.

Regards,
Yihui

On Tue, Sep 22, 2020 at 1:17 PM Kevin Wright <[hidden email]> wrote:

>
> Isn't the whole concept of DOI basically link-shortening/redirecting?
>
> For example, this link
> https://doi.org/10.2134/agronj2016.07.0395
> redirects to
> https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395
>
> As a side note, I got so fed up with CRAN check complaints about (perfectly valid) re-directs that I refuse to use the \url{} tag anymore.
>
> Kevin
>
>
> On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie <[hidden email]> wrote:
>>
>> I don't have an opinion on the URL shorteners, but how about the
>> original question? Redirection can be extremely useful in general.
>> Shortening URLs is only one of its possible applications. FWIW, CRAN
>> uses (303) redirect itself, e.g.,
>> https://cran.r-project.org/package=MASS is redirected to
>> https://cran.r-project.org/web/packages/MASS/index.html Should these
>> "canonical" CRAN links be disallowed in packages, too? Just as another
>> example, https://cran.r-project.org/bin/windows/base/release.html is
>> redirected to the latest Windows installer of R (through the <meta>
>> tag).
>>
>> If the intent of the new URL redirect check is to disallow using URL
>> shorteners like bit.ly or nyti.ms, that may be fair, but it it is to
>> disallow using any URLs that are redirected, I think this CRAN policy
>> may be worth a reconsideration.
>>
>> Regards,
>> Yihui
>> --
>> https://yihui.org
>>
>>
>> On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi <[hidden email]> wrote:
>> >
>> > Right, I am sorry, I did not realize the security aspect here. I guess
>> > I unconsciously treated CRAN package authors as a trusted source.
>> >
>> > Thanks for the correction and clarification, and to CRAN for
>> > implementing these checks. :)
>> >
>> > G.
>> >
>> > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
>> > <[hidden email]> wrote:
>> > >
>> > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
>> > > > I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.
>> > >
>> > > I agree, and we do have \href{}{} in Rd files and similar in other
>> > > formats for giving text of a link different than the URL if the URL is
>> > > inconveniently long.  There's still a bit of a security issue though:
>> > > the built in help browser (at least in MacOS) doesn't show the full URL
>> > > when you hover over the link, as most browsers do.  So one could have
>> > >
>> > > \href{https://disney.org}{https://horrible.web.site}
>> > >
>> > > Duncan Murdoch
>> > >
>> > >
>> > > >
>> > > > Cheers,
>> > > > Simon
>> > > >
>> > > >
>> > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]> wrote:
>> > > >>
>> > > >> Dear all,
>> > > >>
>> > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand
>> > > >> the intent, I think this is unfortunate, because several URL shortener
>> > > >> services use 301 redirects, and often a shorter URL is actually better
>> > > >> in a manual page than a longer one that can be several lines long in
>> > > >> the console and also potentially truncated in the PDF manual.
>> > > >>
>> > > >> Some example shorteners that are flagged:
>> > > >>
>> > > >>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
>> > > >>> tools:::check_url_db(db)
>> > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/)
>> > > >> From: README
>> > > >> Status: 200
>> > > >> Message: OK
>> > > >>
>> > > >> URL: https://t.co/mtXLLfYOYE (moved to
>> > > >> https://www.bbc.co.uk/news/blogs-trending-47975564)
>> > > >> From: README
>> > > >> Status: 200
>> > > >> Message: OK
>> > > >>
>> > > >> ______________________________________________
>> > > >> [hidden email] mailing list
>> > > >> https://stat.ethz.ch/mailman/listinfo/r-devel
>> > > >>
>> > > >
>> > > > ______________________________________________
>> > > > [hidden email] mailing list
>> > > > https://stat.ethz.ch/mailman/listinfo/r-devel
>> > > >
>> > >
>> >
>> > ______________________________________________
>> > [hidden email] mailing list
>> > https://stat.ethz.ch/mailman/listinfo/r-devel
>>
>> ______________________________________________
>> [hidden email] mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-devel
>
>
>
> --
> Kevin Wright

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Reply | Threaded
Open this post in threaded view
|

Re: New URL redirect checks

J C Nash
Does this issue fit in the more general one of centralized vs
partitioned checks? I've suggested before that the CRAN team
seems (and I'll be honest and admit I don't have a good knowledge
of how they work) to favour an all-in-one checking, whereas it
might be helpful to developers and also widen the "CRAN checking"
team to partition checks. Partitioned checks would allow the
particular problems that are raised to be dealt with in a more
focussed action. URLs seem an obvious candidate, since
link checking is used outside of R packages.

I'm sure there are others besides myself who would contribute
to such activities. After all, the partitioned checks could be
contributed packages themselves.

JN



On 2020-09-22 9:50 p.m., Yihui Xie wrote:

> Me too. I have changed some valid URLs in \url{} to \verb{} just to
> avoid these check NOTEs. I do appreciate the check for the validity of
> URLs in packages, especially those dead links (404), but discouraging
> URLs with status code other than 200 (such as 301) feels like
> overdoing the job. After I "hide" links from R CMD check with \verb{}
> , it will be hard to know if these links are still valid in the
> future.
>
> Regards,
> Yihui
>
> On Tue, Sep 22, 2020 at 1:17 PM Kevin Wright <[hidden email]> wrote:
>>
>> Isn't the whole concept of DOI basically link-shortening/redirecting?
>>
>> For example, this link
>> https://doi.org/10.2134/agronj2016.07.0395
>> redirects to
>> https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395
>>
>> As a side note, I got so fed up with CRAN check complaints about (perfectly valid) re-directs that I refuse to use the \url{} tag anymore.
>>
>> Kevin
>>
>>
>> On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie <[hidden email]> wrote:
>>>
>>> I don't have an opinion on the URL shorteners, but how about the
>>> original question? Redirection can be extremely useful in general.
>>> Shortening URLs is only one of its possible applications. FWIW, CRAN
>>> uses (303) redirect itself, e.g.,
>>> https://cran.r-project.org/package=MASS is redirected to
>>> https://cran.r-project.org/web/packages/MASS/index.html Should these
>>> "canonical" CRAN links be disallowed in packages, too? Just as another
>>> example, https://cran.r-project.org/bin/windows/base/release.html is
>>> redirected to the latest Windows installer of R (through the <meta>
>>> tag).
>>>
>>> If the intent of the new URL redirect check is to disallow using URL
>>> shorteners like bit.ly or nyti.ms, that may be fair, but it it is to
>>> disallow using any URLs that are redirected, I think this CRAN policy
>>> may be worth a reconsideration.
>>>
>>> Regards,
>>> Yihui
>>> --
>>> https://yihui.org
>>>
>>>
>>> On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi <[hidden email]> wrote:
>>>>
>>>> Right, I am sorry, I did not realize the security aspect here. I guess
>>>> I unconsciously treated CRAN package authors as a trusted source.
>>>>
>>>> Thanks for the correction and clarification, and to CRAN for
>>>> implementing these checks. :)
>>>>
>>>> G.
>>>>
>>>> On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
>>>> <[hidden email]> wrote:
>>>>>
>>>>> On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
>>>>>> I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get.
>>>>>
>>>>> I agree, and we do have \href{}{} in Rd files and similar in other
>>>>> formats for giving text of a link different than the URL if the URL is
>>>>> inconveniently long.  There's still a bit of a security issue though:
>>>>> the built in help browser (at least in MacOS) doesn't show the full URL
>>>>> when you hover over the link, as most browsers do.  So one could have
>>>>>
>>>>> \href{https://disney.org}{https://horrible.web.site}
>>>>>
>>>>> Duncan Murdoch
>>>>>
>>>>>
>>>>>>
>>>>>> Cheers,
>>>>>> Simon
>>>>>>
>>>>>>
>>>>>>> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi <[hidden email]> wrote:
>>>>>>>
>>>>>>> Dear all,
>>>>>>>
>>>>>>> the new CRAN URL checks flag HTTP 301 redirects. While I understand
>>>>>>> the intent, I think this is unfortunate, because several URL shortener
>>>>>>> services use 301 redirects, and often a shorter URL is actually better
>>>>>>> in a manual page than a longer one that can be several lines long in
>>>>>>> the console and also potentially truncated in the PDF manual.
>>>>>>>
>>>>>>> Some example shorteners that are flagged:
>>>>>>>
>>>>>>>> db <- tools:::url_db(c("https://nyti.ms", "https://t.co/mtXLLfYOYE"), "README")
>>>>>>>> tools:::check_url_db(db)
>>>>>>> URL: https://nyti.ms (moved to https://www.nytimes.com/)
>>>>>>> From: README
>>>>>>> Status: 200
>>>>>>> Message: OK
>>>>>>>
>>>>>>> URL: https://t.co/mtXLLfYOYE (moved to
>>>>>>> https://www.bbc.co.uk/news/blogs-trending-47975564)
>>>>>>> From: README
>>>>>>> Status: 200
>>>>>>> Message: OK
>>>>>>>
>>>>>>> ______________________________________________
>>>>>>> [hidden email] mailing list
>>>>>>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>>>>>>
>>>>>>
>>>>>> ______________________________________________
>>>>>> [hidden email] mailing list
>>>>>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>>>>>
>>>>>
>>>>
>>>> ______________________________________________
>>>> [hidden email] mailing list
>>>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>>
>>> ______________________________________________
>>> [hidden email] mailing list
>>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>
>>
>>
>> --
>> Kevin Wright
>
> ______________________________________________
> [hidden email] mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel