I cloned a repository (form chiselapp, if it makes a difference) using the username 'Setok' (and whatever the password is). The clone worked fine. However any fossil operations I then did with the repository would fail. I finally realised that in the repo the username is 'setok'.

I think case sensitive usernames are always a really bad idea, as it's so easy to make an error there. But I'm raising the severity to Important because the clone was successful, so there is no hint given that something is wrong. This may be related to the fact I allowed anonymous cloning — does fossil revert to anonymous if the login credentials were not good? That to me would not be desirable behaviour, as surprises hit later.