> On Thu, Mar 21, 2019 at 01:24:35PM -0700, Jonathan Tan wrote: > > > > The test you're deleting is basically just verifying that our apache > > > config is indeed "half-auth". Because in v0, the server is never even > > > going to ask for credentials, so no interesting code paths in the client > > > are triggered. So it's not actually testing anything of interest. > > > > If both of us want to drop this test, that's great :-) but for > > clarification: in addition to verifying that our apache config is > > "half-auth", this test also verifies that in a no-op fetch, we don't hit > > the path that is guarded by an authentication requirement. This seems > > significant to me in light of the link you provided in your prior email > > [1]. > > Yeah, I suppose it does. I just never really thought of that as a > plausible regression to introduce, given the way the v0 protocol works. :) > > Although in a sense it is interesting, because it did reveal something > about v2 that we hadn't considered. I don't think it's worth addressing > (especially now), but had we been doing cross-protocol tests sooner, we > might have looked at it more in the design phase. > > So I would also be OK with just marking it as as v0-only test.
OK - I'll wait to see what others think. Thanks for looking at this so far.
