Authentication-Results: mail-b.sr.ht; dkim=fail header.d=solfisher.com header.i=@solfisher.com Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by mail-b.sr.ht (Postfix) with ESMTPS id 96EB711EF27 for <~sircmpwn/sr.ht-discuss@lists.sr.ht>; Tue, 18 May 2021 11:18:01 +0000 (UTC) MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=solfisher.com; s=key1; t=1621336679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IcTWuJsXqxuNf/aXcnv/yrq+YtAIwSM1ns4hAyD40Ks=; b=rC0sR03b2+9+CxYkZgMSRFqpDFKRO+hnCad5puzYpwRERfp34SiAjr12rbU5pNnSYXdYeZ FNoXNon8dprcehGRcesZAaraxNUMqNC+eBIAPlT/j6HPUdi7Z6wqNJsmxZHK6+3Wt4vkkf qL1MUtneab7ZGxRlhrhAiG5cQjyZG9mcUEyNSpXkM6moNDK47l5BnkaQyJU2Nh3yPO2kyL +B/sqIhkrDF6Uw+SRNJ9zKvTv/UCKBdyaSzsQNj2WoqRLQNyVB+bQCdwaciCqdD81aV6Yn KZpbzgUhhUo4plT4sUZOz+S/JgjjkMAHoWFzyqynQr0QvvwLqVVgL0lZAKpH0A== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Tue, 18 May 2021 14:17:57 +0300 Message-Id: Cc: Subject: Should private repositores show 404 instead of 401? X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: "Sol Fisher Romanoff" To: <~sircmpwn/sr.ht-discuss@lists.sr.ht> X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: sol@solfisher.com The way I think about it, private repositories shouldn't only be inaccessib= le, but also invisible to unauthorized users. Currently, trying to access a private repository on sourcehut returns 401, = which is sensible, I guess, but I can infer that there is a private repository th= ere. Compare that with GitHub's approach, which simply shows a 404 -- as if the repository doesn't even exist. Even though it's technically incorrect to return 404 for a private reposito= ry, I think it makes sense for private repositories to be wholly invisible.