Skip to content

fix(signature): verify against the committer, not the author#125

Merged
benner merged 1 commit into
mainfrom
fix/verify-signature-against-committer
Jun 30, 2026
Merged

fix(signature): verify against the committer, not the author#125
benner merged 1 commit into
mainfrom
fix/verify-signature-against-committer

Conversation

@benner

@benner benner commented Jun 30, 2026

Copy link
Copy Markdown
Owner

A commit's signature is produced by the committer's key, so resolving the GitHub identity and keys from the author rejected every author != committer commit — cherry-picks, rebases, web squash-merges — that GitHub reports as verified.

A commit's signature is produced by the committer's key, so resolving the GitHub identity and keys from the author rejected every author != committer commit — cherry-picks, rebases, web squash-merges — that GitHub reports as verified.

Signed-off-by: Nerijus Bendžiūnas <nerijus.bendziunas@gmail.com>
@github-actions

Copy link
Copy Markdown

Coverage

Coverage Report (Δ +0.0%)
FileStmtsMissCoverMissing
src/git_commit_guard
   __init__.py5160100% 
TOTAL5160100% 

@benner benner marked this pull request as ready for review June 30, 2026 03:57
@benner benner merged commit ebe41e0 into main Jun 30, 2026
9 checks passed
@benner benner deleted the fix/verify-signature-against-committer branch June 30, 2026 03:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant