Comment 6 for bug 1606203

bzr would have this problem behind any authenticated proxy, yes, so perhaps a less invasive hack would be to test for '@' in the proxy string and unset it only if that exists. (Again, unless somebody can figure out how to fix this in bzr.)