We've had a note about this anomaly in our code for a while. It's true that the URL and username shouldn't really be considered secret. The reason we held off on fixing that was that at the time we thought it was somewhat likely that we'd be putting together new registries which might initially be internal, and publishing the registry URLs would effectively leak their existence.
However, now that the plan of record is to use Harbor once we get it deployed, perhaps this isn't an issue, since any internal replication would be via Harbor (and the system of push rules ought to go away anyway, per Mark). So it should be fine to fix this long-standing issue at this point.
We've had a note about this anomaly in our code for a while. It's true that the URL and username shouldn't really be considered secret. The reason we held off on fixing that was that at the time we thought it was somewhat likely that we'd be putting together new registries which might initially be internal, and publishing the registry URLs would effectively leak their existence.
However, now that the plan of record is to use Harbor once we get it deployed, perhaps this isn't an issue, since any internal replication would be via Harbor (and the system of push rules ought to go away anyway, per Mark). So it should be fine to fix this long-standing issue at this point.