Does this issue fit in the more general one of centralized vs
partitioned checks? I've suggested before that the CRAN team
seems (and I'll be honest and admit I don't have a good knowledge
of how they work) to favour an all-in-one checking, whereas it
might be helpful to developers and also widen
Me too. I have changed some valid URLs in \url{} to \verb{} just to
avoid these check NOTEs. I do appreciate the check for the validity of
URLs in packages, especially those dead links (404), but discouraging
URLs with status code other than 200 (such as 301) feels like
overdoing the job. After I
Isn't the whole concept of DOI basically link-shortening/redirecting?
For example, this link
https://doi.org/10.2134/agronj2016.07.0395
redirects to
https://acsess.onlinelibrary.wiley.com/doi/abs/10.2134/agronj2016.07.0395
As a side note, I got so fed up with CRAN check complaints about
I don't have an opinion on the URL shorteners, but how about the
original question? Redirection can be extremely useful in general.
Shortening URLs is only one of its possible applications. FWIW, CRAN
uses (303) redirect itself, e.g.,
https://cran.r-project.org/package=MASS is redirected to
Right, I am sorry, I did not realize the security aspect here. I guess
I unconsciously treated CRAN package authors as a trusted source.
Thanks for the correction and clarification, and to CRAN for
implementing these checks. :)
G.
On Wed, Sep 16, 2020 at 10:50 PM Duncan Murdoch
wrote:
>
> On
I was going to offer my opine on security risks but some prominent R folks
tend to woefully inaccurately knee-jerk/react badly to my 25+ year expert
opinion on such things and create childish website verbiage to show their
lack of maturity (who knew random developers can become security experts
On 16/09/2020 4:51 p.m., Simon Urbanek wrote:
I can't comment for CRAN, but generally, shorteners are considered security
risk so regardless of the 301 handling I think flagging those is a good idea.
Also I think it is particularly bad to use them in manuals because it hides the
target so the
I can't comment for CRAN, but generally, shorteners are considered security
risk so regardless of the 301 handling I think flagging those is a good idea.
Also I think it is particularly bad to use them in manuals because it hides the
target so the user has no idea what hey will get.
Cheers,
Dear all,
the new CRAN URL checks flag HTTP 301 redirects. While I understand
the intent, I think this is unfortunate, because several URL shortener
services use 301 redirects, and often a shorter URL is actually better
in a manual page than a longer one that can be several lines long in
the