I understand what he meant, I am saying that it would enable attackers to know the existence of a repository without access rights to it. You would be able to try random URLs like “unrealengine5” or “halflife3”, and by getting a login prompt, you would know that such a repository exists.
This isn’t dumb at all.