Less broadly (
) The Mods ( @Laurana Kanan
) froze access to the first ".ru" link I posted until it was vetted; I felt safe as, at the time. I was running five
levels of security on my machine. - Just sayin'.
In that case, I didn't get the impression that the concern there was so much that it was a .ru site, as that it had (dead, as it turned out) links to pirated/cracked content. Many of those sites are known for malware distribution as well. Of course, times have changed since then.
But there's also a scalability problem in that a site that is clean today may not be next week. If everyone called out the mods to check every link before they downloaded it, it would result in a deluge of unnecessary moderator work, and there would still be a risk of malware being inserted between when a moderator checked it and when a user downloaded it. It's also worth noting that the moderators are a group of people selected more on forum moderation abilities than computer security expertise; their opinion of whether a download is safe may not be any better informed than your own.
This doesn't apply to new posts hawking a suspicious link, where someone may be trying to spread malware, or have had their account hacked, etc. Please do report those.
More on the forum moderation point, the paranoid posts (e.g. it's a RUSSIAN SITE which should ABSOLUTELY BE VETTED) implicitly associate the poster of that link with Putin's regime, and an attempt to be nefarious. Some of CFC's Russian posters have explicitly disavowed Putin's actions, and others have noted that they understand why the war in Europe is so concerning, while perhaps not wanting to outright post about opposing their government due to concerns about that government. Of course there are others who support Putin, moreso if you look in other sub-forums, but the point is we shouldn't treat all Russians as supported of Putin just as we shouldn't have treated all Americans as supports of Trump in 2018. Such assumptions could drive away long-term contributors, who may in fact be very much anti-Putin themselves.
Put another way, that sort of post could be construed as a mild form of trolling, and would be more likely to be seen that way if repeated. The forum rules state, in part (section "Civility & Discussion"):
Trolling is posting something with the intent to annoy or to generate a negative reaction from other people. It can be interpreted as anything for which it is reasonably foreseeable (in the moderators' opinion) that someone will react to it. It can be a very grey issue, and moderators will use their discretion and judgment. Examples of things that are generally considered trolling are as follows:
--Extending a negative issue to a wide group of people. For example, if one member of a group, religion, political persuasion or ethnicity does something bad, a post that implies that all members of this group, religion, political persuasion or ethnicity are similar, this is considered trolling.
While I'm not going to assume that was the intention here, and is is indeed a bit of a grey issue, I'd prefer not to see similar posts start appearing all over the forum. The main effect would be annoying contributors for something they likely had nothing to do with, and un-thanking them for their contributions here, which is why if repeated I think it would eventually cross that grey threshold.
A more constructive question would be, "Can I trust links from cloud.ru? I'm suspicious of Russian-hosted websites given the war in Ukraine." That is a question that may have to be revisited as the world situation evolves, and I would hope we can gradually migrate scenarios/mods to sites that don't have that question (as well as the site language issue). But that is going to be a process.
I wasn't worried about the uploader at all - it was the location and (unknown) integrity of the server (and it's owner) that made me cautious. It is known that web servers can potentially have malicious conent that goes undetected by a casual user. Regardless of wheather the uploader is well regarded, longtime member here at Civfanatics, the server could be running scripts and stuff without me or the uploader being aware of it. It has to do with the level of the regime's interference with the internet and it's components. Just sayin'...
Indeed, a valid concern, especially considering SolarWinds. If there is any evidence that cloud.ru is serving malicious content, that's important to know. Moreover, anyone is welcome to skip downloading mods from domains they deem untrustworthy.
If someone wants to take on the task of making secondary sources available for those mods, I'd have no objections. Redundancy in available download links is always good. This applies more broadly as well; any mod with only one source is at risk of no longer being available.