On Thu, Dec 24, 2020 at 12:33 AM Dridi Boukelmoune <dridi.boukelmo...@gmail.com> wrote: > > > The weakest point in the current system is really the FAS password. If > > you have a packager's FAS password you can change the ssh key > > associated with the account to another that you control, and the FAS > > password is also all you need to run a build and submit it to Bodhi. > > Or you add an SSH key without removing the maintainer's keys on the > off chance that it would go unnoticed...
From what I can tell, the current implementation of FAS does not allow more than one SSH key per user account. - Ken _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
