On Sat, Oct 15, 2011 at 11:25 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Sitaram Chamarty <sitaramc@xxxxxxxxx> writes: > >>> Because there is a risk of leaking information about >>> non-exported repositories, by default all errors simply say >>> "access denied". Sites which don't have hidden repositories, >> >> I suggest that even the "secure" version of the message say something >> like "access denied or repository not exported". You're still not >> leaking anything, but it reduces confusion to the user, who otherwise >> may not realise it *could be* the latter. > > I kind of like the suggestion, but I am afraid that "access denied, > repository nonexistent or not exported" can soon easily get long enough to > be unmanageable. When someone who *does* have access makes a typo, "access denied" makes it harder to realise it, because it subtly implies the repo *does* exist and it's an ACL issue. I've seen lots of frustrating back-and-forth between admin and user before someone eventually noticed the typo. "Access denied or no such repo" is much better. (The "not exported" nuance is not relevant in this context; you can safely ignore it.) regards -- Sitaram -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html