Git clone requires authentication

I just got my librem5 and wanted to install some extra software from a git repo (e.g. https://source.puri.sm/david.hamner/librem5_file_share).
However, when trying to clone the repo via https, I’m requested to authenticate.
If I try to clone the very same repo from another device, I don’t need to enter any credentials and download works just fine.

What’s the difference here? How can I fix this?

Works fine here. I get an authentication prompt when I put a typo in the URL - maybe that’s what happened?

That was actually the problem. I checked the spelling a couple of times, still missing that it had to be ‘hamner’, not ‘hammer’. That this error results in an authentication request is still kind of confusing.

If it didn’t, you would know that there’s some private repo by that name just by the fact that it asked you for authentication.

Sure, but this doesn’t make it less confusing.

Sure, but security trumps clarity, correctly enforcing the security model is paramount. “private” means “private” - to the extent that you can’t even know whether the repo exists unless you have access.

What makes it less confusing is … knowing how things work. Now that you know, you will be less confused and it will be faster for you to resolve the problem in the future if it occurs.

If it were me, I would have cut-and-pasted the URL, so that this kind of error is far less likely to occur.

Edit: Add: To illustrate the concept … if I try to log in to just about any computer with an invalid username and password combination, do I get two different error messages depending on whether

  • The username exists but the password is wrong, or
  • The username does not even exist so the password is irrelevant?

Most systems will intentionally blur these two scenarios with a single common, bland error message - to prevent an intruder probing for valid usernames, which might then enhance the success of a subsequent attack.

Some systems will even effectively delay the response to a non-existent username in order to prevent a timing attack i.e. to prevent the intruder using the amount of time that it took for the system to generate the response in order to distinguish between the two scenarios.

Yes, there are times when this behaviour is not convenient - and could be confusing - but it is more secure.
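An added illustration of the login behaviour described in the post above (not part of the original thread, and not any particular system's code): a password check that returns one generic message for both failure cases and runs the same key derivation for an unknown username as for a known one. The user store, names and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid username or password"
ITERATIONS = 100_000  # constructed value for this example
_kdf_calls = 0        # counts KDF runs so equal work per attempt can be checked


def _derive(password, salt):
    """Derive a key from the password; this is the expensive step."""
    global _kdf_calls
    _kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def kdf_call_count():
    return _kdf_calls


def make_record(password):
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Constructed sample user store: username -> (salt, derived key).
USERS = {"alice": make_record("correct horse battery staple")}

# Stand-in record used when the username does not exist. Its password is
# random and discarded, so the comparison below can never succeed for it.
_DUMMY = make_record(os.urandom(32).hex())


def login(username, password):
    record = USERS.get(username)
    salt, expected = record if record is not None else _DUMMY
    # Same KDF cost whether or not the username exists.
    candidate = _derive(password, salt)
    matches = hmac.compare_digest(candidate, expected)
    if record is not None and matches:
        return True, "Welcome"
    # One message for "wrong password" and "no such user".
    return False, GENERIC_ERROR
```

Without the stand-in record, an unknown username would skip the key derivation and return measurably faster, which is the timing difference the post describes.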

No need trying to convince me, security comes with a cost. I understand this perfectly well and why it’s set up this way.

Just a failed attempt on my side to explain why I was posting dumb questions on the first day with my librem5…

2 Likes

Sure :slight_smile: I always copy things fearlessly:

2 Likes

Damned if you do. Damned if you don’t.

If you type by hand, it is well known that some parties implement typosquatting for domains. (I realise that in this case your typo was not in the domain part of the URL.)

If you paste direct to shell, you open yourself up to malicious attacks. (You may however choose to trust the source i.e. trust the person who posted the URL / command and trust the web site that hosts the content that includes the URL / command to maintain security of the content. But equally you might not trust.)

I would usually paste to a text editor so that I can have a look - and then copy and paste from the text editor to where I need it.

1 Like

Nice trick to paste into an editor first.

I wonder what is on Purism’s list to protect L5 against bitsquatting, so that we won’t update from ruri.sm instead of puri.sm :slight_smile:

Lowering the current consumption won’t only reduce the temperature, but the chances of getting redirected too.

1 Like

apt is probably not a good example since software updates are supposed to be signed and the content can be verified as authentic. This is essential so that “mirrors” work.