Commits including the GPG KeyID instead of the fingerprint are always 'Unverified'
Summary
Signed commits performed using the EGit client (version 5.5.1) contain only the 16-digit GPG KeyID instead of the 40-digit fingerprint. GitLab does not seem to understand this and always tags these commits 'Unverified', while the git command line client (version 2.20.1) reports a valid signature in both cases.
Steps to reproduce
Sign independent commits using EGit 5.5.1 and git 2.20.1 and check the verfication tag. Furthermore, run git log --show-signature
to show the KeyID/fingerprint used by the signature.
What is the current bug behavior?
GitLab tags commits signed using EGit as 'Unverified'.
What is the expected correct behavior?
GitLab tags commits signed using EGit as 'Verified'.
Related bugs
I also reported this issue as a bug in EGit. EGit should insert the fingerprint into the repository like git does. Nevertheless, GitLab should be able to process both signatures correctly.