Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-22 Thread Jonathan Tan
> Jonathan Tan writes: > > > Because this configuration is not supported by all protocol versions, > > and because this configuration seems to be of limited usefulness (only > > useful for people who use manual credential entry and on servers that > > are OK with exposing refs but not objects, an

Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Junio C Hamano
Jonathan Tan writes: > Because this configuration is not supported by all protocol versions, > and because this configuration seems to be of limited usefulness (only > useful for people who use manual credential entry and on servers that > are OK with exposing refs but not objects, and even in th

Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Jonathan Tan
> On Thu, Mar 21, 2019 at 01:24:35PM -0700, Jonathan Tan wrote: > > > > The test you're deleting is basically just verifying that our apache > > > config is indeed "half-auth". Because in v0, the server is never even > > > going to ask for credentials, so no interesting code paths in the client >

Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Jeff King
On Thu, Mar 21, 2019 at 01:24:35PM -0700, Jonathan Tan wrote: > > The test you're deleting is basically just verifying that our apache > > config is indeed "half-auth". Because in v0, the server is never even > > going to ask for credentials, so no interesting code paths in the client > > are trig

Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Jonathan Tan
> On Thu, Mar 21, 2019 at 03:55:37PM -0400, Jeff King wrote: > > > I am a little confused about v2 here, though. It should hit the initial > > info/refs endpoint the same as usual. If it's a noop fetch, then it's > > done. Otherwise, we'd hit the git-upload-pack and expect to require > > authentic

Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Jeff King
On Thu, Mar 21, 2019 at 03:55:37PM -0400, Jeff King wrote: > I am a little confused about v2 here, though. It should hit the initial > info/refs endpoint the same as usual. If it's a noop fetch, then it's > done. Otherwise, we'd hit the git-upload-pack and expect to require > authentication. That

Re: [RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Jeff King
On Thu, Mar 21, 2019 at 10:47:19AM -0700, Jonathan Tan wrote: > When using protocol v0, upload-pack over HTTP permits a "half-auth" > configuration in which, at the web server layer, the info/refs path is > not protected by authentication but the git-upload-pack path is, so that > a user can perfo

[RFC PATCH] t5551: delete auth-for-pack-but-not-refs test

2019-03-21 Thread Jonathan Tan
When using protocol v0, upload-pack over HTTP permits a "half-auth" configuration in which, at the web server layer, the info/refs path is not protected by authentication but the git-upload-pack path is, so that a user can perform fetches that do not download any objects without authentication, but