Commit adf68f2 fixes this pull-request

Read-only methods can be (in most cases) public - now you have me curious. Does Koji have a read-only method that requires authentication?

Does Koji have a read-only method that requires authentication?

Yes, several of the host methods for example.

I see, thanks. I was curious if there was any security sensitive information.

Reading hub/kojihub.py, it looks like this is done with host = Host() and host.verify(), and each of the HostExports methods has that pattern. Most of those RPCs do something with the host object. For example host.isEnabled evaluates "am I enabled or not", or host.getHostTasks evaluates the tasks specific to the logged-in host.

So for these read-only methods, the authentication mechanism is a convenient way to reference the kojid instance's data, and it's not a way to restrict sensitive information.