[Rd] New URL redirect checks
Dear all, the new CRAN URL checks flag HTTP 301 redirects. While I understand the intent, I think this is unfortunate, because several URL shortener services use 301 redirects, and often a shorter URL is actually better in a manual page than a longer one that can be several lines long in the console and also potentially truncated in the PDF manual. Some example shorteners that are flagged: > db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), > "README") > tools:::check_url_db(db) URL: https://nyti.ms (moved to https://www.nytimes.com/) From: README Status: 200 Message: OK URL: https://t.co/mtXLLfYOYE (moved to https://www.bbc.co.uk/news/blogs-trending-47975564) From: README Status: 200 Message: OK __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get. Cheers, Simon > On Sep 17, 2020, at 5:35 AM, Gábor Csárdi wrote: > > Dear all, > > the new CRAN URL checks flag HTTP 301 redirects. While I understand > the intent, I think this is unfortunate, because several URL shortener > services use 301 redirects, and often a shorter URL is actually better > in a manual page than a longer one that can be several lines long in > the console and also potentially truncated in the PDF manual. > > Some example shorteners that are flagged: > >> db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), >> "README") >> tools:::check_url_db(db) > URL: https://nyti.ms (moved to https://www.nytimes.com/) > From: README > Status: 200 > Message: OK > > URL: https://t.co/mtXLLfYOYE (moved to > https://www.bbc.co.uk/news/blogs-trending-47975564) > From: README > Status: 200 > Message: OK > > __ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel > __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
On 16/09/2020 4:51 p.m., Simon Urbanek wrote: I can't comment for CRAN, but generally, shorteners are considered security risk so regardless of the 301 handling I think flagging those is a good idea. Also I think it is particularly bad to use them in manuals because it hides the target so the user has no idea what hey will get. I agree, and we do have \href{}{} in Rd files and similar in other formats for giving text of a link different than the URL if the URL is inconveniently long. There's still a bit of a security issue though: the built in help browser (at least in MacOS) doesn't show the full URL when you hover over the link, as most browsers do. So one could have \href{https://disney.org}{https://horrible.web.site} Duncan Murdoch Cheers, Simon On Sep 17, 2020, at 5:35 AM, Gábor Csárdi wrote: Dear all, the new CRAN URL checks flag HTTP 301 redirects. While I understand the intent, I think this is unfortunate, because several URL shortener services use 301 redirects, and often a shorter URL is actually better in a manual page than a longer one that can be several lines long in the console and also potentially truncated in the PDF manual. Some example shorteners that are flagged: db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), "README") tools:::check_url_db(db) URL: https://nyti.ms (moved to https://www.nytimes.com/) From: README Status: 200 Message: OK URL: https://t.co/mtXLLfYOYE (moved to https://www.bbc.co.uk/news/blogs-trending-47975564) From: README Status: 200 Message: OK __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
I was going to offer my opine on security risks but some prominent R folks tend to woefully inaccurately knee-jerk/react badly to my 25+ year expert opinion on such things and create childish website verbiage to show their lack of maturity (who knew random developers can become security experts overnight with no training or experience?). Allowing shorteners is a terrible, woefully insecure idea. I fully support CRAN’s position. I’d likely counsel any folks looking to move to R and CRAN packages to seek Scala or Julia ecosystems instead if it were to be overturned. But, hey, what do I know. -boB On Sep 16, 2020 at 5:50:52 PM, Duncan Murdoch wrote: > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > I can't comment for CRAN, but generally, shorteners are considered > security risk so regardless of the 301 handling I think flagging those is a > good idea. Also I think it is particularly bad to use them in manuals > because it hides the target so the user has no idea what hey will get. > > > I agree, and we do have \href{}{} in Rd files and similar in other > formats for giving text of a link different than the URL if the URL is > inconveniently long. There's still a bit of a security issue though: > the built in help browser (at least in MacOS) doesn't show the full URL > when you hover over the link, as most browsers do. So one could have > > \href{https://disney.org}{https://horrible.web.site} > > Duncan Murdoch > > > > Cheers, > > Simon > > > > > On Sep 17, 2020, at 5:35 AM, Gábor Csárdi > wrote: > > > > > > Dear all, > > > > > > the new CRAN URL checks flag HTTP 301 redirects. While I understand > > > the intent, I think this is unfortunate, because several URL shortener > > > services use 301 redirects, and often a shorter URL is actually better > > > in a manual page than a longer one that can be several lines long in > > > the console and also potentially truncated in the PDF manual. > > > > > > Some example shorteners that are flagged: > > > > > >> db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), > "README") > > >> tools:::check_url_db(db) > > > URL: https://nyti.ms (moved to https://www.nytimes.com/) > > > From: README > > > Status: 200 > > > Message: OK > > > > > > URL: https://t.co/mtXLLfYOYE (moved to > > > https://www.bbc.co.uk/news/blogs-trending-47975564) > > > From: README > > > Status: 200 > > > Message: OK > > > > > > __ > > > R-devel@r-project.org mailing list > > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > > > __ > > R-devel@r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > __ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel > [[alternative HTML version deleted]] __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
Right, I am sorry, I did not realize the security aspect here. I guess I unconsciously treated CRAN package authors as a trusted source. Thanks for the correction and clarification, and to CRAN for implementing these checks. :) G. On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch wrote: > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > I can't comment for CRAN, but generally, shorteners are considered security > > risk so regardless of the 301 handling I think flagging those is a good > > idea. Also I think it is particularly bad to use them in manuals because it > > hides the target so the user has no idea what hey will get. > > I agree, and we do have \href{}{} in Rd files and similar in other > formats for giving text of a link different than the URL if the URL is > inconveniently long. There's still a bit of a security issue though: > the built in help browser (at least in MacOS) doesn't show the full URL > when you hover over the link, as most browsers do. So one could have > > \href{https://disney.org}{https://horrible.web.site} > > Duncan Murdoch > > > > > > Cheers, > > Simon > > > > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi wrote: > >> > >> Dear all, > >> > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand > >> the intent, I think this is unfortunate, because several URL shortener > >> services use 301 redirects, and often a shorter URL is actually better > >> in a manual page than a longer one that can be several lines long in > >> the console and also potentially truncated in the PDF manual. > >> > >> Some example shorteners that are flagged: > >> > >>> db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), > >>> "README") > >>> tools:::check_url_db(db) > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) > >> From: README > >> Status: 200 > >> Message: OK > >> > >> URL: https://t.co/mtXLLfYOYE (moved to > >> https://www.bbc.co.uk/news/blogs-trending-47975564) > >> From: README > >> Status: 200 > >> Message: OK > >> > >> __ > >> R-devel@r-project.org mailing list > >> https://stat.ethz.ch/mailman/listinfo/r-devel > >> > > > > __ > > R-devel@r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
I don't have an opinion on the URL shorteners, but how about the original question? Redirection can be extremely useful in general. Shortening URLs is only one of its possible applications. FWIW, CRAN uses (303) redirect itself, e.g., https://cran.r-project.org/package=MASS is redirected to https://cran.r-project.org/web/packages/MASS/index.html Should these "canonical" CRAN links be disallowed in packages, too? Just as another example, https://cran.r-project.org/bin/windows/base/release.html is redirected to the latest Windows installer of R (through the tag). If the intent of the new URL redirect check is to disallow using URL shorteners like bit.ly or nyti.ms, that may be fair, but it it is to disallow using any URLs that are redirected, I think this CRAN policy may be worth a reconsideration. Regards, Yihui -- https://yihui.org On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi wrote: > > Right, I am sorry, I did not realize the security aspect here. I guess > I unconsciously treated CRAN package authors as a trusted source. > > Thanks for the correction and clarification, and to CRAN for > implementing these checks. :) > > G. > > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch > wrote: > > > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > > I can't comment for CRAN, but generally, shorteners are considered > > > security risk so regardless of the 301 handling I think flagging those is > > > a good idea. Also I think it is particularly bad to use them in manuals > > > because it hides the target so the user has no idea what hey will get. > > > > I agree, and we do have \href{}{} in Rd files and similar in other > > formats for giving text of a link different than the URL if the URL is > > inconveniently long. There's still a bit of a security issue though: > > the built in help browser (at least in MacOS) doesn't show the full URL > > when you hover over the link, as most browsers do. So one could have > > > > \href{https://disney.org}{https://horrible.web.site} > > > > Duncan Murdoch > > > > > > > > > > Cheers, > > > Simon > > > > > > > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi wrote: > > >> > > >> Dear all, > > >> > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand > > >> the intent, I think this is unfortunate, because several URL shortener > > >> services use 301 redirects, and often a shorter URL is actually better > > >> in a manual page than a longer one that can be several lines long in > > >> the console and also potentially truncated in the PDF manual. > > >> > > >> Some example shorteners that are flagged: > > >> > > >>> db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), > > >>> "README") > > >>> tools:::check_url_db(db) > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) > > >> From: README > > >> Status: 200 > > >> Message: OK > > >> > > >> URL: https://t.co/mtXLLfYOYE (moved to > > >> https://www.bbc.co.uk/news/blogs-trending-47975564) > > >> From: README > > >> Status: 200 > > >> Message: OK > > >> > > >> __ > > >> R-devel@r-project.org mailing list > > >> https://stat.ethz.ch/mailman/listinfo/r-devel > > >> > > > > > > __ > > > R-devel@r-project.org mailing list > > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > > > > __ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
Isn't the whole concept of DOI basically link-shortening/redirecting? For example, this link https://doi.org/10.2134/agronj2016.07.0395 redirects to https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395 As a side note, I got so fed up with CRAN check complaints about (perfectly valid) re-directs that I refuse to use the \url{} tag anymore. Kevin On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie wrote: > I don't have an opinion on the URL shorteners, but how about the > original question? Redirection can be extremely useful in general. > Shortening URLs is only one of its possible applications. FWIW, CRAN > uses (303) redirect itself, e.g., > https://cran.r-project.org/package=MASS is redirected to > https://cran.r-project.org/web/packages/MASS/index.html Should these > "canonical" CRAN links be disallowed in packages, too? Just as another > example, https://cran.r-project.org/bin/windows/base/release.html is > redirected to the latest Windows installer of R (through the > tag). > > If the intent of the new URL redirect check is to disallow using URL > shorteners like bit.ly or nyti.ms, that may be fair, but it it is to > disallow using any URLs that are redirected, I think this CRAN policy > may be worth a reconsideration. > > Regards, > Yihui > -- > https://yihui.org > > > On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi > wrote: > > > > Right, I am sorry, I did not realize the security aspect here. I guess > > I unconsciously treated CRAN package authors as a trusted source. > > > > Thanks for the correction and clarification, and to CRAN for > > implementing these checks. :) > > > > G. > > > > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch > > wrote: > > > > > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: > > > > I can't comment for CRAN, but generally, shorteners are considered > security risk so regardless of the 301 handling I think flagging those is a > good idea. Also I think it is particularly bad to use them in manuals > because it hides the target so the user has no idea what hey will get. > > > > > > I agree, and we do have \href{}{} in Rd files and similar in other > > > formats for giving text of a link different than the URL if the URL is > > > inconveniently long. There's still a bit of a security issue though: > > > the built in help browser (at least in MacOS) doesn't show the full URL > > > when you hover over the link, as most browsers do. So one could have > > > > > > \href{https://disney.org}{https://horrible.web.site} > > > > > > Duncan Murdoch > > > > > > > > > > > > > > Cheers, > > > > Simon > > > > > > > > > > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi > wrote: > > > >> > > > >> Dear all, > > > >> > > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand > > > >> the intent, I think this is unfortunate, because several URL > shortener > > > >> services use 301 redirects, and often a shorter URL is actually > better > > > >> in a manual page than a longer one that can be several lines long in > > > >> the console and also potentially truncated in the PDF manual. > > > >> > > > >> Some example shorteners that are flagged: > > > >> > > > >>> db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), > "README") > > > >>> tools:::check_url_db(db) > > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) > > > >> From: README > > > >> Status: 200 > > > >> Message: OK > > > >> > > > >> URL: https://t.co/mtXLLfYOYE (moved to > > > >> https://www.bbc.co.uk/news/blogs-trending-47975564) > > > >> From: README > > > >> Status: 200 > > > >> Message: OK > > > >> > > > >> __ > > > >> R-devel@r-project.org mailing list > > > >> https://stat.ethz.ch/mailman/listinfo/r-devel > > > >> > > > > > > > > __ > > > > R-devel@r-project.org mailing list > > > > https://stat.ethz.ch/mailman/listinfo/r-devel > > > > > > > > > > > __ > > R-devel@r-project.org mailing list > > https://stat.ethz.ch/mailman/listinfo/r-devel > > __ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel > -- Kevin Wright [[alternative HTML version deleted]] __ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Re: [Rd] New URL redirect checks
Me too. I have changed some valid URLs in \url{} to \verb{} just to avoid these check NOTEs. I do appreciate the check for the validity of URLs in packages, especially those dead links (404), but discouraging URLs with status code other than 200 (such as 301) feels like overdoing the job. After I "hide" links from R CMD check with \verb{} , it will be hard to know if these links are still valid in the future. Regards, Yihui On Tue, Sep 22, 2020 at 1:17 PM Kevin Wright wrote: > > Isn't the whole concept of DOI basically link-shortening/redirecting? > > For example, this link > https://doi.org/10.2134/agronj2016.07.0395 > redirects to > https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395 > > As a side note, I got so fed up with CRAN check complaints about (perfectly > valid) re-directs that I refuse to use the \url{} tag anymore. > > Kevin > > > On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie wrote: >> >> I don't have an opinion on the URL shorteners, but how about the >> original question? Redirection can be extremely useful in general. >> Shortening URLs is only one of its possible applications. FWIW, CRAN >> uses (303) redirect itself, e.g., >> https://cran.r-project.org/package=MASS is redirected to >> https://cran.r-project.org/web/packages/MASS/index.html Should these >> "canonical" CRAN links be disallowed in packages, too? Just as another >> example, https://cran.r-project.org/bin/windows/base/release.html is >> redirected to the latest Windows installer of R (through the >> tag). >> >> If the intent of the new URL redirect check is to disallow using URL >> shorteners like bit.ly or nyti.ms, that may be fair, but it it is to >> disallow using any URLs that are redirected, I think this CRAN policy >> may be worth a reconsideration. >> >> Regards, >> Yihui >> -- >> https://yihui.org >> >> >> On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi wrote: >> > >> > Right, I am sorry, I did not realize the security aspect here. I guess >> > I unconsciously treated CRAN package authors as a trusted source. >> > >> > Thanks for the correction and clarification, and to CRAN for >> > implementing these checks. :) >> > >> > G. >> > >> > On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch >> > wrote: >> > > >> > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: >> > > > I can't comment for CRAN, but generally, shorteners are considered >> > > > security risk so regardless of the 301 handling I think flagging those >> > > > is a good idea. Also I think it is particularly bad to use them in >> > > > manuals because it hides the target so the user has no idea what hey >> > > > will get. >> > > >> > > I agree, and we do have \href{}{} in Rd files and similar in other >> > > formats for giving text of a link different than the URL if the URL is >> > > inconveniently long. There's still a bit of a security issue though: >> > > the built in help browser (at least in MacOS) doesn't show the full URL >> > > when you hover over the link, as most browsers do. So one could have >> > > >> > > \href{https://disney.org}{https://horrible.web.site} >> > > >> > > Duncan Murdoch >> > > >> > > >> > > > >> > > > Cheers, >> > > > Simon >> > > > >> > > > >> > > >> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi >> > > >> wrote: >> > > >> >> > > >> Dear all, >> > > >> >> > > >> the new CRAN URL checks flag HTTP 301 redirects. While I understand >> > > >> the intent, I think this is unfortunate, because several URL shortener >> > > >> services use 301 redirects, and often a shorter URL is actually better >> > > >> in a manual page than a longer one that can be several lines long in >> > > >> the console and also potentially truncated in the PDF manual. >> > > >> >> > > >> Some example shorteners that are flagged: >> > > >> >> > > >>> db <- tools:::url_db(c("https://nyti.ms";, >> > > >>> "https://t.co/mtXLLfYOYE";), "README") >> > > >>> tools:::check_url_db(db) >> > > >> URL: https://nyti.ms (moved to https://www.nytimes.com/) >> > > >> From: README >> > > >> Status: 200 >> > > >> Message: OK >> > > >> >> > > >> URL: https://t.co/mtXLLfYOYE (moved to >> > > >> https://www.bbc.co.uk/news/blogs-trending-47975564) >> > > >> From: README >> > > >> Status: 200 >> > > >> Message: OK >> > > >> >> > > >> __ >> > > >> R-devel@r-project.org mailing list >> > > >> https://stat.ethz.ch/mailman/listinfo/r-devel >> > > >> >> > > > >> > > > __ >> > > > R-devel@r-project.org mailing list >> > > > https://stat.ethz.ch/mailman/listinfo/r-devel >> > > > >> > > >> > >> > __ >> > R-devel@r-project.org mailing list >> > https://stat.ethz.ch/mailman/listinfo/r-devel >> >> __ >> R-devel@r-project.org mailing list >> https://stat.ethz.ch/mailman/listinfo/r-devel > > > > -- > Kevin Wright __ R-devel@r-project.org mailing list https://s
Re: [Rd] New URL redirect checks
Does this issue fit in the more general one of centralized vs partitioned checks? I've suggested before that the CRAN team seems (and I'll be honest and admit I don't have a good knowledge of how they work) to favour an all-in-one checking, whereas it might be helpful to developers and also widen the "CRAN checking" team to partition checks. Partitioned checks would allow the particular problems that are raised to be dealt with in a more focussed action. URLs seem an obvious candidate, since link checking is used outside of R packages. I'm sure there are others besides myself who would contribute to such activities. After all, the partitioned checks could be contributed packages themselves. JN On 2020-09-22 9:50 p.m., Yihui Xie wrote: > Me too. I have changed some valid URLs in \url{} to \verb{} just to > avoid these check NOTEs. I do appreciate the check for the validity of > URLs in packages, especially those dead links (404), but discouraging > URLs with status code other than 200 (such as 301) feels like > overdoing the job. After I "hide" links from R CMD check with \verb{} > , it will be hard to know if these links are still valid in the > future. > > Regards, > Yihui > > On Tue, Sep 22, 2020 at 1:17 PM Kevin Wright wrote: >> >> Isn't the whole concept of DOI basically link-shortening/redirecting? >> >> For example, this link >> https://doi.org/10.2134/agronj2016.07.0395 >> redirects to >> https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395 >> >> As a side note, I got so fed up with CRAN check complaints about (perfectly >> valid) re-directs that I refuse to use the \url{} tag anymore. >> >> Kevin >> >> >> On Thu, Sep 17, 2020 at 8:32 AM Yihui Xie wrote: >>> >>> I don't have an opinion on the URL shorteners, but how about the >>> original question? Redirection can be extremely useful in general. >>> Shortening URLs is only one of its possible applications. FWIW, CRAN >>> uses (303) redirect itself, e.g., >>> https://cran.r-project.org/package=MASS is redirected to >>> https://cran.r-project.org/web/packages/MASS/index.html Should these >>> "canonical" CRAN links be disallowed in packages, too? Just as another >>> example, https://cran.r-project.org/bin/windows/base/release.html is >>> redirected to the latest Windows installer of R (through the >>> tag). >>> >>> If the intent of the new URL redirect check is to disallow using URL >>> shorteners like bit.ly or nyti.ms, that may be fair, but it it is to >>> disallow using any URLs that are redirected, I think this CRAN policy >>> may be worth a reconsideration. >>> >>> Regards, >>> Yihui >>> -- >>> https://yihui.org >>> >>> >>> On Thu, Sep 17, 2020 at 3:26 AM Gábor Csárdi wrote: Right, I am sorry, I did not realize the security aspect here. I guess I unconsciously treated CRAN package authors as a trusted source. Thanks for the correction and clarification, and to CRAN for implementing these checks. :) G. On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch wrote: > > On 16/09/2020 4:51 p.m., Simon Urbanek wrote: >> I can't comment for CRAN, but generally, shorteners are considered >> security risk so regardless of the 301 handling I think flagging those >> is a good idea. Also I think it is particularly bad to use them in >> manuals because it hides the target so the user has no idea what hey >> will get. > > I agree, and we do have \href{}{} in Rd files and similar in other > formats for giving text of a link different than the URL if the URL is > inconveniently long. There's still a bit of a security issue though: > the built in help browser (at least in MacOS) doesn't show the full URL > when you hover over the link, as most browsers do. So one could have > > \href{https://disney.org}{https://horrible.web.site} > > Duncan Murdoch > > >> >> Cheers, >> Simon >> >> >>> On Sep 17, 2020, at 5:35 AM, Gábor Csárdi >>> wrote: >>> >>> Dear all, >>> >>> the new CRAN URL checks flag HTTP 301 redirects. While I understand >>> the intent, I think this is unfortunate, because several URL shortener >>> services use 301 redirects, and often a shorter URL is actually better >>> in a manual page than a longer one that can be several lines long in >>> the console and also potentially truncated in the PDF manual. >>> >>> Some example shorteners that are flagged: >>> db <- tools:::url_db(c("https://nyti.ms";, "https://t.co/mtXLLfYOYE";), "README") tools:::check_url_db(db) >>> URL: https://nyti.ms (moved to https://www.nytimes.com/) >>> From: README >>> Status: 200 >>> Message: OK >>> >>> URL: https://t.co/mtXLLfYOYE (moved to >>> https://www.bbc.co.uk/news/blogs-trending-47975564) >>> From: README >>> Status: 200 >>> Message: OK >>> >>> _