"Different user's signature" message for my own signature
### Summary

I've configured SSH key signing of my own commits, but when viewing the commits on GitLab it says it's a _different user's signature._ If this is actually the case, and not just a bug in GitLab, then as far as I understand it would mean that my SSH key has been compromised.

### Steps to reproduce

1. Create an SSH key pair in `~/.ssh`
2. Log into gitlab.com
3. Add the public key to https://gitlab.com/-/profile/keys
4. Add the following to `~/.gitconfig`:

   ```gitconfig
   [commit]
       gpgsign = true
   [gpg]
       format = ssh
   [gpg "ssh"]
       allowedSignersFile = /home/username/.ssh/allowed_signers
   [user]
       signingkey = /home/username/.ssh/id_rsa.pub
   ```

5. Add the following to `~/.ssh/allowed_signers`, replacing the email address and public key with your own values:

   ```text
   username@example.org namespaces="git" [the contents of ~/.ssh/id_rsa.pub without the square brackets]
   ```

6. Commit something with the `git commit -S` flag to sign the commit
7. Verify that `git show --show-signature` says 'Good "git" signature for username@example.org with RSA key SHA256:[omitted]'
8. Push the commit to GitLab

### Example Project

https://gitlab.com/engmark/root/-/merge_requests/383/commits

### What is the current *bug* behavior?

The commit is marked as "Unverified" in GitLab, with a message like this one:

> Different user's signature
>
> This commit was signed with a different user's verified signature.
> SSH key fingerprint: [omitted]

### What is the expected *correct* behavior?

The commit should say it's verified.

### Relevant logs and/or screenshots

![image](/uploads/f0fab79c2140020ab25409055bb1028c/image.png)

## Other info

My ["commit email" on GitLab](https://gitlab.com/-/profile) is different from the email address which is in my actual commits.

It might be relevant that I have configured *two* SSH keys in GitLab.

I always type my email address in lower case, so this isn't relevant.

### Output of checks

This bug happens on GitLab.com
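An added example, not part of the original issue: a small Python check of which identity an `allowed_signers` entry binds to a key fingerprint, which is the local mapping behind the 'Good "git" signature for username@example.org with RSA key SHA256:…' line from `git show --show-signature`. It assumes options contain no embedded spaces and ignores negated (`!`) patterns; the keys are constructed ed25519-shaped blobs rather than the RSA key from the report, and all function names are hypothetical.

```python
import base64
import hashlib
import struct
from fnmatch import fnmatchcase

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # start of a key-type token

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form ssh-keygen and git print it."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_allowed_signers(text):
    """Yield (principal patterns, options, key fingerprint) per entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # Options (e.g. namespaces="git") sit between principals and key type.
        idx = next((i for i, t in enumerate(tokens[1:], 1)
                    if t.startswith(KEY_PREFIXES)), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # malformed entry: no key type or no key blob
        options = {}
        for opt in tokens[1:idx]:
            name, _, value = opt.partition("=")
            options[name.lower()] = value.strip('"')
        yield tokens[0].split(","), options, fingerprint(tokens[idx + 1])

def signer_allowed(text, email, key_fp, namespace="git"):
    """True if key_fp is listed for this email and signature namespace."""
    for patterns, options, fp in parse_allowed_signers(text):
        if fp != key_fp:
            continue
        allowed_ns = options.get("namespaces")
        if allowed_ns and not any(fnmatchcase(namespace, n)
                                  for n in allowed_ns.split(",")):
            continue
        if any(fnmatchcase(email, p) for p in patterns):
            return True
    return False

def constructed_key(seed):
    """Constructed ed25519-shaped public key blob for the sample, not a real key."""
    parts = [b"ssh-ed25519", bytes([seed]) * 32]
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()

KEY_A, KEY_B = constructed_key(1), constructed_key(2)
SAMPLE = f'username@example.org namespaces="git" ssh-ed25519 {KEY_A}\n'
```

The identity in the "Good" line comes from the matching `allowed_signers` entry, so a key listed under one address verifies locally under that address regardless of the author email recorded in the commit.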