GPG Commit Signatures

DevOps Control will verify GPG commit signatures in the provided tree by checking if the commits are signed by a key within the DevOps Control database, or if the commit matches the default key for Git.

Keys are not checked to determine if they have expired or revoked. Keys are also not checked with keyservers.

A commit will be marked with a grey unlocked icon if no key can be found to verify it. If a commit is marked with a red unlocked icon, it is reported to be signed with a key with an id.

Note: The signer of a commit does not have to be an author or committer of a commit.