Repository configuration option to not make repeated requests to a repository after receiving a 401 during dependency resolution #11939

Open
Archthebald opened this issue Jan 18, 2020 · 1 comment
Labels
a:feature A new functionality in:dependency-resolution engine metadata in:repository-declarations declaring repositories and filtering

Comments

@Archthebald

Expected Behavior

If a remote repository returns a 401 (not authorized) when requesting a dependency, we should not try to resolve any further dependencies from that repository for the duration of the current build. This would allow the user to mitigate an incorrect password without potentially locking their account.

Current Behavior

We continue to try to retrieve dependencies from a remote repository despite previous HTTP return codes.

Context

We are using a Maven2 repository that requires basic auth. If the password is incorrect and there are multiple dependencies, the repository receives multiple invalid access attempts from the provided username and responds by locking the account mid-build before the user can mitigate the error. This situation is common enough with the password update requirements on the accounts.

An alternative would be better authentication methods to the repository, but in the environment I work in this is not possible.

@oehme
Contributor

oehme commented Nov 15, 2020

We did that in Gradle 4.3 and it led to many complaints, see #3335.

Short version: There are many repositories, which are partially public. I.e. they return 200 for some dependencies and 401 for others. If we blacklisted such a repository on the first 401, then we would fail to find things that would actually return 200.
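
The trade-off discussed in this thread, as an added example that is not part of the original issue and is not Gradle code: a small simulation comparing the current keep-requesting behaviour with a stop-after-401 policy, on a repository with a stale password and on a partially public one. The artifact names, the `max_401` parameter and the lockout threshold of 3 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample: status a partially public repository returns per artifact.
PARTIALLY_PUBLIC = {
    "org.example:public-a:1.0": 200,
    "com.corp:private-a:1.0": 401,
    "org.example:public-b:1.0": 200,
    "com.corp:private-b:1.0": 401,
    "com.corp:private-c:1.0": 401,
}
# Constructed sample: the stored password is stale, so every request gets a 401.
STALE_PASSWORD = {name: 401 for name in PARTIALLY_PUBLIC}


@dataclass
class Result:
    resolved: list = field(default_factory=list)
    skipped: list = field(default_factory=list)  # artifacts never requested
    auth_failures: int = 0                       # 401s the server has counted


def resolve(repo, max_401=None):
    """Request each artifact in declaration order.

    max_401=None models the behaviour the issue describes (never stop).
    max_401=N is a hypothetical option: stop using the repository for the
    rest of the build once N responses with status 401 have been seen.
    """
    result = Result()
    for artifact, status in repo.items():
        if max_401 is not None and result.auth_failures >= max_401:
            result.skipped.append(artifact)
            continue
        if status == 200:
            result.resolved.append(artifact)
        elif status == 401:
            result.auth_failures += 1
    return result


def locks_account(result, lockout_threshold=3):
    """Assumed server policy: lock the account after this many failed logins."""
    return result.auth_failures >= lockout_threshold


if __name__ == "__main__":
    for name, repo in (("stale", STALE_PASSWORD), ("partial", PARTIALLY_PUBLIC)):
        for limit in (None, 1):
            r = resolve(repo, limit)
            print(name, limit, len(r.resolved), r.auth_failures, locks_account(r))
```

With a stale password, stopping after the first 401 keeps the account below the assumed lockout threshold; on the partially public repository the same policy skips `public-b`, which would have returned 200.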

@jjohannes jjohannes removed the @jvm label Mar 22, 2021
@donat donat changed the title Repository configuration option to not make repeted requests to a repository after recieving a 401 during dependency resolution Repository configuration option to not make repeated requests to a repository after recieving a 401 during dependency resolution Nov 9, 2021
@octylFractal octylFractal added in:dependency-resolution engine metadata in:repository-declarations declaring repositories and filtering and removed in:dependency-management DO NOT USE labels Nov 10, 2021