Sitaram Chamarty <sitaramc@xxxxxxxxx> writes: > On Sat, Oct 15, 2011 at 11:25 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: >> Sitaram Chamarty <sitaramc@xxxxxxxxx> writes: >> >>>> Because there is a risk of leaking information about >>>> non-exported repositories, by default all errors simply say >>>> "access denied". Sites which don't have hidden repositories, >>> >>> I suggest that even the "secure" version of the message say something >>> like "access denied or repository not exported". You're still not >>> leaking anything, but it reduces confusion to the user, who otherwise >>> may not realise it *could be* the latter. >> >> I kind of like the suggestion, but I am afraid that "access denied, >> repository nonexistent or not exported" can soon easily get long enough to >> be unmanageable. > > When someone who *does* have access makes a typo, "access denied" > makes it harder to realise it, because it subtly implies the repo > *does* exist and it's an ACL issue. I've seen lots of frustrating > back-and-forth between admin and user before someone eventually > noticed the typo. > > "Access denied or no such repo" is much better. (The "not exported" > nuance is not relevant in this context; you can safely ignore it.) To join this bike-shedding: "Access denied or repository not available" or just "Repository not available" -- Jakub Narębski -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html