nautilus-cyberneering / secure-git-guide

A collection of articles about Git, GitHub and GPG focused on security.
https://secure-git.guide

New content: GPG - Git commit partially verified #3

Closed josecelano closed 2 years ago

josecelano commented 2 years ago

Sometimes you can see this label in a GitHub commit:

image

With this popup message:

image

In that case, the message means:

I think the message is a little bit misleading because the original commit was created by the author and it was merged into the target base branch using "rebase". And there is no way to keep the original author commit's signature.

Signatures from the author commit have to be verified before merging. I found this process confusing and I have not found a good simple explanation. I would like to add at least the collection of links I have after researching for a better explanation of what's happening behind that message.

File name: 010_GPG-Git-commits-partially-verified.md

From GitHub docs: Statuses with vigilant mode enabled
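
The pre-merge check mentioned in the comment above ("Signatures from the author commit have to be verified before merging"), as an added example that is not part of the original issue or of the project's guide. It reads git's `%G?` signature status for every commit in a range and rejects the range unless all signatures are good; the function names, the strict "only `G` passes" policy and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: gate a rebase merge on the signatures of the ORIGINAL commits,
# since the rebased copies cannot carry the author's signature.

# Map one git "%G?" status letter to "ok" or a rejection reason.
# Policy (assumption): only a fully valid signature (G) is accepted.
classify_status() {
    case "$1" in
        G) echo "ok" ;;
        U) echo "good signature, key validity unknown" ;;
        X) echo "good signature, but it has expired" ;;
        Y) echo "signed by an expired key" ;;
        R) echo "signed by a revoked key" ;;
        B) echo "BAD signature" ;;
        E) echo "signature cannot be checked (missing public key?)" ;;
        N) echo "no signature" ;;
        *) echo "unknown status '$1'" ;;
    esac
}

# Read "<hash> <status>" lines on stdin; print one line per rejected commit.
# Returns 0 when every commit passes, 1 otherwise.
check_signatures() {
    failed=0
    while read -r hash sig; do
        [ -n "$hash" ] || continue
        verdict=$(classify_status "$sig")
        if [ "$verdict" != "ok" ]; then
            echo "REJECT $hash: $verdict"
            failed=1
        fi
    done
    return "$failed"
}

# verify_range BASE HEAD: check every commit HEAD would add on top of BASE.
# Needs the signers' public keys in the local GPG keyring.
verify_range() {
    git log --format='%H %G?' "$1..$2" | check_signatures
}

# Constructed sample in the "<hash> <status>" shape that verify_range produces.
sample_log() {
    printf '%s\n' '1111111 G' '2222222 N' '3333333 E'
}
```

Run `verify_range origin/main feature-branch` (hypothetical branch names) before using "Rebase and merge", and only merge when it exits with status 0.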