Comment 1 for bug 1845530

> (I'm still looking for the doc that contains this edict; but ask mordred or anyone on the api-sig.)

this document has not been published but has been discussed for quite awhile now. you can see the review here:

https://review.opendev.org/#/c/459710/17/guidelines/discoverability.rst

see line 93

we (the api-sig), are working to get these backlogged guidelines published but this point about un-authenticated access to the version discovery is not in dispute.