Authentication-Results: mail-b.sr.ht; dkim=pass header.d=smlavine.com header.i=@smlavine.com
Received: from mail.smlavine.com (smlavine.com [140.82.41.52])
	by mail-b.sr.ht (Postfix) with ESMTPS id 8082111EF27
	for <~sircmpwn/sr.ht-discuss@lists.sr.ht>; Tue, 18 May 2021 20:50:45 +0000 (UTC)
Received: from [10.16.0.7] (unknown [173.208.98.185])
	by mail.smlavine.com (Postfix) with ESMTPSA id 293B283F70
	for <~sircmpwn/sr.ht-discuss@lists.sr.ht>; Tue, 18 May 2021 20:50:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=smlavine.com; s=mail;
	t=1621371045; bh=AkxgB7zSw/iEYGxjwDZgKLhMVrDhoE9BOuXdTz8obu8=;
	h=From:Subject:To:References:Date:In-Reply-To:From;
	b=lpjcvo8CXyF1uopzLYAvfXBWKEGqPziHky8f4AitSX3NiRhV3aEdQjtaM3mA0mDXu
	 7+GrFfBhJedH3fvbTlk7stcIcdBaCzD8xWWS75h+WPlp1TLYOtI/s+7CfF4vu0B15D
	 /lH4ZWIwuzaKAYxASQUFUMpQgLG58KqTOFEA9vtum7cGWZDrbq4Ph7TJpN1wSOmX8X
	 iRybtZCdPYi9ao6vnJe0l00vroEpL2GYW83Rua9MoKk6PrFRk6t5ZPuSf2zo8DoDus
	 90BJcEo395eYSnER9A+g+SJGllXb4RTTQ4knYDYEVEOy2K+BfxFtycZgdh6iPXT/K8
	 bIAac0bD365Gw==
From: Sebastian LaVine <mail@smlavine.com>
Subject: Re: Should private repositores show 404 instead of 401?
To: ~sircmpwn/sr.ht-discuss@lists.sr.ht
References: <CBGBVUW6MQ8N.31XRADRMGIOUV@bellwether>
 <CBGC00JRSLWJ.DP00STWONX3G@bellwether> <20210518203551.tnsbe6hmugxn64sr@iyo>
Autocrypt: addr=mail@smlavine.com; keydata=
 xsDNBF/FRC8BDADVO0YffXrFvdQi7oQmlC7HF208hw4EsH3VoqCFqhHbsV1T33RDT4TrZ0xQ
 dij/V9F4+hhosltbvYxsWC4sZgFL0LKTjLy7yNMOmyda6qq/gLwc8VjHYFTjRTo8LuApA1yq
 nJixCB2XW6kNGebrd1KnID3p+uz7m3j/CntaO2XVUBtZj+UtPN+mexbm4ORsT0L4rtEDynh6
 Zg3FVHlciYhXeNh4cScC3UOEakjGNq8PUvKOgpXDd230az+UUblx6DESgLBpO/6VykLHvbsh
 Gsd1p9H2G5JAsUx0ZHK6jae1BkypNZ5UGFlIM88A+sXX+FRvyqOHK35GWK8+2bfwrfJBaSCm
 EzFJ1gU2YtRAyAVuK4y55traiQ7YhkmV2P89wjYrXmBjtwHdJHbQ1FLKzWjRYIqGnnLAezCC
 SZhoBDFWgYTUkm2iZSPuM1OCsxOfaIycbU2oXvsistDUxu7896mpTxW/puTGHnXChxGJ7G0F
 LqW6zU/KHYNnQarkx+LIau8AEQEAAc0kU2ViYXN0aWFuIExhVmluZSA8bWFpbEBzbWxhdmlu
 ZS5jb20+wsEOBBMBCAA4FiEEckOCIAi7/a97Zy72gZx9BUx8FGUFAl/FRC8CGwMFCwkIBwIG
 FQoJCAsCBBYCAwECHgECF4AACgkQgZx9BUx8FGVZzwwAqff+YVwSsUhBavfWKaFYf5M40yN3
 gJ33Szi71qaC9h+HimunzK7oN07vGC44OdXad46QLVvNIjleqOahiivF+B0ovcpPEZpW8lEp
 kdUGwgpBeQqUUDhfXFrdGcah/T0RhNEyzjUqQ/2Sz7IGjBHgI//tBFifc0r7WZGk3vDR2G2d
 AO2ucQ0K+U1biNJzhNw3BtkyEajnhRL4kgq4eCSbMSUXVqzVhR4Z0qiL9cRiqdML97gx2nNL
 UYYT8uOyXqi7p74w/2yMMRZwlGJJpKHp7cZvxH+ouAY1MCHW2VXAIawwI7hHP0ymWqeL2nGE
 14b+tNseh7fm40HjuPblnwjNZBQbfQj5nP03glUW/FLyPImmTcbpNWjZjolcmTbjh+nkktxK
 gRR9yh/hKwUWFdae7SQxJilkiq4Evv6f6b/iHiYoJ+TkYn83rSVa2FHHocUWTv5UR4z9FlD2
 +Egs6GkiQ9w0BEDpI+ZsGOQJT5FfYwErGg7gk3mCKYL6GGt4bBeMzsDNBF/FRC8BDACspEAs
 dMJSfWUkIIMj6Kno2QDA1jo6BKTFtrGC7A43bwFw+ng/ny/Esw0CDPwQbwvGqJodAF7W7hCj
 gEt2q/dVfNOEYkmKPzYUHv0WuZdt8ZBdqU3Qi5Iv6dzF1EQUIlRpSUpSToriEwaJ8/X/MLjX
 b6/BnVZ3OrXszImLGkbuYjFbfKsw1/I+C+3Jm/HwRv1rbZwmAl9RvCLN0xufX5xo7XikyPUE
 buyMdEH0ymIzJrqyqlagdUoBCo4WNEGWndfxZ1U34XvUAtoVfxRWomqV4nX9kFTDXPyndunT
 2Yj/g/YdOlwpHS8/JFLfnAhWvmopTjjnpeiWMT8SOjmfebeqje4mMvaRr8vXZ8BRCLMugS6X
 NW4uzdgTjE7iX0ea2c6e8tF5aXfzoziP7omDqDSoTeV4BxoR/8du/2TP7JUb0vPNxD4neT4O
 UT4TCPuvZNdezDYF/QaFWmjmviHZzyqaLAwMGblLxXY/CWsYKPvwX83kA7Azp6tcRG/VUtNJ
 Ue0AEQEAAcLA9gQYAQgAIBYhBHJDgiAIu/2ve2cu9oGcfQVMfBRlBQJfxUQvAhsMAAoJEIGc
 fQVMfBRlbjoMALVZ+YitdM6PtivtOQ+O9g+hkN9WgdwIhBHEGGc2ugMflqOMDh28OkjgYm/k
 uqcni8cQWcLkYrrfTRmJOVPy6OyDbw87hF8Lk5kaj2VrE8Jz33Lyk2HpNHPoLCFqWaoR1QL5
 Qqg3PBuSuDnpyYAQrGZ0bs13/Q2iPXGoMF9DthKxZTT+SLqBYZdtGBpZKFux8mWsieKmR5N8
 CVb1uGcwrszbFOlyXemKY1LNcy7FgWyRHegeqK81VhMelpuji+3h6oP+cHKE23lxOqsIYHxF
 Urwykou3gtit+uUTnzEh8L69FBq7hSRvYIlQxGeFwk8sOUozKtTedZP1HukYYuiGLzmY6IVZ
 r6YvE+keueHHSX+SUoj7VjmF6qAXrF+4eTSSL6fkDOyosPDw9l4S33YCMT+smSXbfr0kGxMk
 jC0PguRE/w4ie7OllLpDod3aDV1EI46+C9ywf45SUza3T4Q+svq55biZma0sEr0PhRj6MJ1w
 mZssarzO4ljhNhym73mRuA==
Message-ID: <eb96a11f-2b7c-093d-1afa-212c195b4605@smlavine.com>
Date: Tue, 18 May 2021 16:50:26 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Firefox/78.0 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <20210518203551.tnsbe6hmugxn64sr@iyo>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="igHXx7z9pswn4nKbjuihmE6ILrUoLyxFr"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--igHXx7z9pswn4nKbjuihmE6ILrUoLyxFr
Content-Type: multipart/mixed; boundary="bnujmIInW5znZm70nw0b88lSzeJNOlvOH";
 protected-headers="v1"
From: Sebastian LaVine <mail@smlavine.com>
To: ~sircmpwn/sr.ht-discuss@lists.sr.ht
Message-ID: <eb96a11f-2b7c-093d-1afa-212c195b4605@smlavine.com>
Subject: Re: Should private repositores show 404 instead of 401?
References: <CBGBVUW6MQ8N.31XRADRMGIOUV@bellwether>
 <CBGC00JRSLWJ.DP00STWONX3G@bellwether> <20210518203551.tnsbe6hmugxn64sr@iyo>
In-Reply-To: <20210518203551.tnsbe6hmugxn64sr@iyo>

--bnujmIInW5znZm70nw0b88lSzeJNOlvOH
Content-Type: multipart/mixed;
 boundary="------------F9DFAA075A1646343A3B9DF1"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------F9DFAA075A1646343A3B9DF1
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

On 5/18/21 4:35 PM, dvn wrote:
> Do you have a link to that previous discussion?
>=20

It has been discussed at least twice before[0][1].

I think both options have legitimate reasons for being used. I see that=20
on the previous threads, Drew mentioned that private repos 404-ing=20
wouldn't make a difference, because they could still be detected with=20
"timing attacks". I do not know what these are, and would appreciate it=20
if someone were to explain them for me.

[0]:=20
https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3C20190407161316.mb644ldmmqt=
is6br%40kazhap.dbalan.in%3E

[1]:=20
https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3CCABR6s9uXAdzJRnHqV%2BCmQVU=
hgOWNyP2gXwCozaeY%3DDpTDLk9tw%40mail.gmail.com%3E

--=20
Sebastian LaVine | https://smlavine.com



--------------F9DFAA075A1646343A3B9DF1
Content-Type: application/pgp-keys;
 name="OpenPGP_0x819C7D054C7C1465.asc"
Content-Transfer-Encoding: quoted-printable
Content-Description: OpenPGP public key
Content-Disposition: attachment;
 filename="OpenPGP_0x819C7D054C7C1465.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBF/FRC8BDADVO0YffXrFvdQi7oQmlC7HF208hw4EsH3VoqCFqhHbsV1T33RDT4TrZ0xQd=
ij/
V9F4+hhosltbvYxsWC4sZgFL0LKTjLy7yNMOmyda6qq/gLwc8VjHYFTjRTo8LuApA1yqnJixC=
B2X
W6kNGebrd1KnID3p+uz7m3j/CntaO2XVUBtZj+UtPN+mexbm4ORsT0L4rtEDynh6Zg3FVHlci=
YhX
eNh4cScC3UOEakjGNq8PUvKOgpXDd230az+UUblx6DESgLBpO/6VykLHvbshGsd1p9H2G5JAs=
Ux0
ZHK6jae1BkypNZ5UGFlIM88A+sXX+FRvyqOHK35GWK8+2bfwrfJBaSCmEzFJ1gU2YtRAyAVuK=
4y5
5traiQ7YhkmV2P89wjYrXmBjtwHdJHbQ1FLKzWjRYIqGnnLAezCCSZhoBDFWgYTUkm2iZSPuM=
1OC
sxOfaIycbU2oXvsistDUxu7896mpTxW/puTGHnXChxGJ7G0FLqW6zU/KHYNnQarkx+LIau8AE=
QEA
Ac0kU2ViYXN0aWFuIExhVmluZSA8bWFpbEBzbWxhdmluZS5jb20+wsEOBBMBCAA4FiEEckOCI=
Ai7
/a97Zy72gZx9BUx8FGUFAl/FRC8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQgZx9B=
Ux8
FGVZzwwAqff+YVwSsUhBavfWKaFYf5M40yN3gJ33Szi71qaC9h+HimunzK7oN07vGC44OdXad=
46Q
LVvNIjleqOahiivF+B0ovcpPEZpW8lEpkdUGwgpBeQqUUDhfXFrdGcah/T0RhNEyzjUqQ/2Sz=
7IG
jBHgI//tBFifc0r7WZGk3vDR2G2dAO2ucQ0K+U1biNJzhNw3BtkyEajnhRL4kgq4eCSbMSUXV=
qzV
hR4Z0qiL9cRiqdML97gx2nNLUYYT8uOyXqi7p74w/2yMMRZwlGJJpKHp7cZvxH+ouAY1MCHW2=
VXA
IawwI7hHP0ymWqeL2nGE14b+tNseh7fm40HjuPblnwjNZBQbfQj5nP03glUW/FLyPImmTcbpN=
WjZ
jolcmTbjh+nkktxKgRR9yh/hKwUWFdae7SQxJilkiq4Evv6f6b/iHiYoJ+TkYn83rSVa2FHHo=
cUW
Tv5UR4z9FlD2+Egs6GkiQ9w0BEDpI+ZsGOQJT5FfYwErGg7gk3mCKYL6GGt4bBeMzsDNBF/FR=
C8B
DACspEAsdMJSfWUkIIMj6Kno2QDA1jo6BKTFtrGC7A43bwFw+ng/ny/Esw0CDPwQbwvGqJodA=
F7W
7hCjgEt2q/dVfNOEYkmKPzYUHv0WuZdt8ZBdqU3Qi5Iv6dzF1EQUIlRpSUpSToriEwaJ8/X/M=
LjX
b6/BnVZ3OrXszImLGkbuYjFbfKsw1/I+C+3Jm/HwRv1rbZwmAl9RvCLN0xufX5xo7XikyPUEb=
uyM
dEH0ymIzJrqyqlagdUoBCo4WNEGWndfxZ1U34XvUAtoVfxRWomqV4nX9kFTDXPyndunT2Yj/g=
/Yd
OlwpHS8/JFLfnAhWvmopTjjnpeiWMT8SOjmfebeqje4mMvaRr8vXZ8BRCLMugS6XNW4uzdgTj=
E7i
X0ea2c6e8tF5aXfzoziP7omDqDSoTeV4BxoR/8du/2TP7JUb0vPNxD4neT4OUT4TCPuvZNdez=
DYF
/QaFWmjmviHZzyqaLAwMGblLxXY/CWsYKPvwX83kA7Azp6tcRG/VUtNJUe0AEQEAAcLA9gQYA=
QgA
IBYhBHJDgiAIu/2ve2cu9oGcfQVMfBRlBQJfxUQvAhsMAAoJEIGcfQVMfBRlbjoMALVZ+Yitd=
M6P
tivtOQ+O9g+hkN9WgdwIhBHEGGc2ugMflqOMDh28OkjgYm/kuqcni8cQWcLkYrrfTRmJOVPy6=
OyD
bw87hF8Lk5kaj2VrE8Jz33Lyk2HpNHPoLCFqWaoR1QL5Qqg3PBuSuDnpyYAQrGZ0bs13/Q2iP=
XGo
MF9DthKxZTT+SLqBYZdtGBpZKFux8mWsieKmR5N8CVb1uGcwrszbFOlyXemKY1LNcy7FgWyRH=
ege
qK81VhMelpuji+3h6oP+cHKE23lxOqsIYHxFUrwykou3gtit+uUTnzEh8L69FBq7hSRvYIlQx=
GeF
wk8sOUozKtTedZP1HukYYuiGLzmY6IVZr6YvE+keueHHSX+SUoj7VjmF6qAXrF+4eTSSL6fkD=
Oyo
sPDw9l4S33YCMT+smSXbfr0kGxMkjC0PguRE/w4ie7OllLpDod3aDV1EI46+C9ywf45SUza3T=
4Q+
svq55biZma0sEr0PhRj6MJ1wmZssarzO4ljhNhym73mRuA=3D=3D
=3DxrOL
-----END PGP PUBLIC KEY BLOCK-----

--------------F9DFAA075A1646343A3B9DF1--

--bnujmIInW5znZm70nw0b88lSzeJNOlvOH--

--igHXx7z9pswn4nKbjuihmE6ILrUoLyxFr
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEckOCIAi7/a97Zy72gZx9BUx8FGUFAmCkKJIFAwAAAAAACgkQgZx9BUx8FGWE
+AwAgsbsk1TtagC6aHrctnATX4LasiwpBDxx3npcvPcBio44RDYKmwKICh4puvHTB2WY+v5qIdgc
8p2aR7Xz5bIvvkctF2k/jllwxU7er8Y/HRTIPrCNw34XW1N15Is+AljCduGoQgyLUEdZjxEbdqvV
DovOaaPVu2E8USybPjGIlzliur2LKpDmJisy/pZyf0j6dbfUy7WpHSOa14h4Bh+WVDz9b9nISI7N
kTvGopkiTtGJ8q3PfPtkhk8JMjt99JcoHWBJ1dleXTPO3x291QSIXW2PcPX/Y8GOcWoosYWasYzJ
CRl6Ssekw2rei3UVXdacYNFEJGdGcTCLgeqbtwTM6ZNsZYKQWKj7UMYi7eRVe3DXi9SKo3fkhbF/
cZvkXFA5HLETnBnENowqZiyHoWD0iVAJtNRo+/Zb1So1AF7cYMkNOxAuLjEEog4Wqiv9kRMAXp+l
U31wWvirHN1jxIbEF51h9nllIK549nojxf23HuA6QXAHKQdwZ5rKCa+81o7X
=lkiO
-----END PGP SIGNATURE-----

--igHXx7z9pswn4nKbjuihmE6ILrUoLyxFr--