Code review comment for lp:~stevenk/launchpad/expose-iarchive-newauth

As William mentions on IRC, it doesn't seem desirable to let people retrieve private sources list lines for other people using the API. You probably want to force person to always be REQUEST_USER.

Not as important, but it would be nice to test that demonstrates newAuthToken does indeed raise ArchiveNotPrivate if the archive is not private.

And to nitpick: there's a missing empty line above the definition of TestArchiveTokens.