In real-world scenarios, deploying multiple projects on a single server is very common. However, Gogs restricts a deploy key to be used by only one repository. This forces users into one of the following situations:
- Configure and manage multiple deploy keys.
- Set up a proxy user account and bind an SSH key.
- Directly use the server’s key as a user key.
All of this is just to prevent the low-probability risk of a “read-only deploy key leak.” The result is that users are forced to either accept guaranteed inconvenience or face even greater risks.
It feels like Gogs has set up the “People’s Court” from The Dark Knight Rises.
a) By forbidding a deploy key from being reused, some choices actually become less secure.
b) Allowing multiple repositories to share a deploy key would still make it possible to apply the same security strategies.
Right now, everyone has to permanently pay the price for the scenario of “a user with no security awareness who accidentally leaks a single deploy key.”
Heat death comes faster because of this decision.
7 votes