On Thu, Dec 24, 2020 at 12:33 AM Dridi Boukelmoune
<dridi.boukelmoune(a)gmail.com> wrote:
> The weakest point in the current system is really the FAS password. If
> you have a packager's FAS password you can change the ssh key
> associated with the account to another that you control, and the FAS
> password is also all you need to run a build and submit it to Bodhi.
Or you add an SSH key without removing the maintainer's keys on the
off chance that it would go unnoticed...
From what I can tell, the current implementation of FAS does not allow
more than one SSH key per user account.
- Ken