Tags signed with SSH key are marked "Unverified" whereas signed commits are "Verified"

Summary

Signing tags with my SSH key on gitlab.com (in public and private repos) ends up having them marked as "Unverified", whereas commits signed with the exact same SSH key has them marked as "Verified".

Steps to reproduce

  1. Create an ED25519 SSH key and add it to your GitLab account.
  2. Commit something to a repository, signing the commit per these instructions. Example: commits show up as verified here.
  3. Create a signed tag (e.g. git tag -s v0.0.1 -m 'Test tag') and push it to the repository. Example: tags show up as unverified here.

Example Project

https://gitlab.com/thane.thomson/unverified-commits-issue

What is the current bug behavior?

UI shows signed tags as "Unverified" where commits signed with the exact same key show up as "Verified".

What is the expected correct behavior?

Tags and commits signed with the same key should all show up as "Verified".

Relevant logs and/or screenshots

Screenshot_2025-07-14_at_3.09.17_PM

Screenshot_2025-07-14_at_3.08.50_PM

Output of checks

N/A

Results of GitLab environment info

N/A

Results of GitLab application Check

N/A

Possible fixes

N/A

Patch release information for backports

N/A

High-severity bug remediation

N/A

Edited by 🤖 GitLab Bot 🤖