GPG commit signatures are confusing when committer != author

Summary

GitLab now allows you to have GPG-signed commits, with a pretty Verified box, which is great.

However, I can create a commit where the author is not the committer (git commits store both items separately). In GitLab, we always show the author, but the signature is for the committer. This distinction is not visible at a glance from the UI.

Steps to reproduce

View https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/14067/commits

What is the current bug behavior?

At first glance, it seems that the commit is verified by @brodock when in fact it is verified by @nick.thomas. Mousing over, the text box shows that the committer is in fact @nick.thomas, but it's not entirely obvious.

What is the expected correct behavior?

I'm not sure. Perhaps we need some design on this - we could use Verified by committer in this case?

The commit page: https://gitlab.com/gitlab-org/gitlab-ce/commit/58f5dbb99293d757e13f80e297401826174c3095 shows committer details but it's still not obvious at first glance whether author or committer is the verifier.

Relevant logs and/or screenshots

Screenshot_from_2017-09-27_14-18-43

Screenshot_from_2017-09-27_14-19-07

Edited by 🤖 GitLab Bot 🤖