Draft: Use committer email in x509 (!200859) · Merge requests · GitLab.org / GitLab

Why

We want to use the committer email instead of the author email when validating x509 commit signatures in the context of mailmap. Currently, when a committer's email is mailmapped, we only check that the new (mailmapped) email address is present in the signature's x509 certificate. However, we do not verify that the original committer email belongs to a verified GitLab user. This change addresses issue #550372 (closed) by storing the original committer email and implementing dual verification:

The mailmapped email must be in the x509 certificate (existing behavior)
The original committer email must belong to a verified GitLab user (new check)

What

implement verification of committer email

Related to #550372 (closed)

Edited Aug 12, 2025 by Hunter Stewart

Draft: Use committer email in x509

Why

What

Merge request reports