On Mon, Dec 28, 2009 at 10:59 AM, Shawn O. Pearce <spearce@xxxxxxxxxxx> wrote: > Tarmigan <tarmigan+git@xxxxxxxxx> wrote: >> I've been thinking that the not_found() to a forbidden() instead. > > Oh. Interesting question. > > Because you can't resolve the access error by authenticating to > the server, we may actually want to just return not_found() here > with a message in the log of "Repository not exported: '%s'". I'm no http expert, but isn't that what 401 would be? From http://tools.ietf.org/html/rfc2616#section-10.4.4 403 Forbidden The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead. which to me points to 403 instead of 404. I don't have a strong preference, and will resend with those changes if you'd prefer 404. Thanks, Tarmigan -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html