On Thu, Mar 21, 2019 at 01:24:35PM -0700, Jonathan Tan wrote: > > The test you're deleting is basically just verifying that our apache > > config is indeed "half-auth". Because in v0, the server is never even > > going to ask for credentials, so no interesting code paths in the client > > are triggered. So it's not actually testing anything of interest. > > If both of us want to drop this test, that's great :-) but for > clarification: in addition to verifying that our apache config is > "half-auth", this test also verifies that in a no-op fetch, we don't hit > the path that is guarded by an authentication requirement. This seems > significant to me in light of the link you provided in your prior email > [1]. Yeah, I suppose it does. I just never really thought of that as a plausible regression to introduce, given the way the v0 protocol works. :) Although in a sense it is interesting, because it did reveal something about v2 that we hadn't considered. I don't think it's worth addressing (especially now), but had we been doing cross-protocol tests sooner, we might have looked at it more in the design phase. So I would also be OK with just marking it as as v0-only test. -Peff
