Should we be linking to the site that is very likely to be breached? Could start to host any type of malware until the access can be definitively revoked
That's just about article quality though. Is there a policy about linking to known compromised sites? Should one flag the submission for moderator attention?
Even if we assume folks are using up-to-date browsers (and many aren't!), a compromised site could deliver payloads to browsers ranging from zero-days to phishing content to browser extension compromises (esp. for crypto wallets etc.), that might be delivered differently to different viewers. We don't want to amplify the spread of an attack, especially to our community!
There are too many things to add if we start adding things like that. Each one is important in its own context, of course—like here—but once you start making lists of important things, you end up in a whole-is-less-than-the-sum-of-its-parts situation. I don't think such lists are likely to be effective in the long run.
That's also why the site guidelines (https://news.ycombinator.com/newsguidelines.html) are nowhere near as long as they would be if we tried to include all the important things. Better a shorter list that people can actually read.
I hope that doesn't come across as dismissive—I do see your point!
