Sitaram Chamarty <sitaramc@xxxxxxxxx> writes: >> Because there is a risk of leaking information about >> non-exported repositories, by default all errors simply say >> "access denied". Sites which don't have hidden repositories, > > I suggest that even the "secure" version of the message say something > like "access denied or repository not exported". You're still not > leaking anything, but it reduces confusion to the user, who otherwise > may not realise it *could be* the latter. I kind of like the suggestion, but I am afraid that "access denied, repository nonexistent or not exported" can soon easily get long enough to be unmanageable. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html