Our devops made an accidental change and we were sure that the problem is a bug in sbt. In fact
www-authentication header was missing and it was breaking things. And very hard to debug.
There may be two useful usability improvements:
- It may be a good idea to show a warning, saying
www-authenticate header was missingin case dependency resolution fails for any repository which is not predefined in sbt
- It may be a good idea to reproduce recent coursier behaviour and not to issue
HEADrequests when there is just one credentials set defined for a particular hostname