[R-pkg-devel] Logical Inconsistency of check regarding URL?

Dr. habil. Michael Thrun m@thrun @end|ng |rom gmx@net
Tue Nov 29 08:19:40 CET 2022 

Dear All,
I got from Uwe the following message after uploading an update of my package “DatabionicSwarm”.  "Found the  following (possibly) invalid URLs: URL:  https://www.deepbionics.org (moved to  https://mthrun.github.io/index) From: DESCRIPTION Status: 301 Message: Moved Permanently
Please change http --> https, add trailing slashes, or follow moved content as appropriate.
"
 I asked then
"
Dear Uwe,
your request states to either
Please  change http --> https, add trailing slashes or to  follow moved content as appropriate.
As it is not  appropriate to follow content, I select the first   choice. the URL is 
"https://www.deepbionics.org/" 
 which mets both conditions of beeing "https" and 
 having at the end one "/".
What is the problem?  Please elaborate.
You already accepted another  package GeneralizedUmatrix today with exactly same 
 url. I really dont understand it. Please be so kind 
 to elabore.”

 As an answer I got
"You are abusig the system! Again: <Followed by same Message as above>”

Hence, I have several questions.
First, do we not communicate with CRAN anymore through the submission procedure of the package? If not, which is the correct line of communication in such a case?

Second, are the answers that we get now fully automatically generated? It would be strange for me to believe that Uwe would provide such an answer to my polite request.

Third, why can I have a CRAN package "DataVisualizations" with this URL online, another one named "GeneralizedUmatrix" uploaded the same day with the same URL, which both are OK, but the URL in "DatabionicSwarm" is not?

Forth, can't we have more clear feedback messages?
I mean, having in the description the URL "https://www.deepbionics.org/" and getting the feedback "http --> https, add trailing slashes or ... "does not make any sense. Also, could someone please explain why is a "/" at the end of an URL necessary? What is the technical background to this?

Fifth, why do we need https/TLS/SSL? I have to pay a monthly fee for a certificate to apply this to my website so that CRAN accepts my URL - and as far as I can tell, it makes things only more complex but not more secure (e.g., https://www.elektronik-kompendium.de/sites/net/1906041.htm). Or in other words, it seems to me that we are expected to pay to follow the guideline of having a certificate instead of making better code with fewer bugs. I am no security expert, but my baseline in computer science is always if a tool is more complex, then the chances are lower that it works as intended, and the possibilities are higher that it has unintended and potentially risky side effects.    

Best Regards

Michael

More information about the R-package-devel mailing list