<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=456793) </details> <!--IssueSummary end--> Originally discussed in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/149860#note_1867618022 ## Problem to Solve When customers migrate from other forges commits on those can be signed by system keys. When those commits are then moved to GitLab, they'll still be signed, but they'll no longer show up as verified. ## Proposal It would be good to verify the authenticity of these commits by using the publicly available key from other forges.