The API for listing commits for public repo should not require authentication. This leads to unnecessary inclusion of credentials in automated processes.