Displaying verification statuses for all of your commits

You can enable vigilant mode for commit signature verification to mark all of your commits and tags with a signature verification status.

Note: Vigilant mode is currently in beta and subject to change.

About vigilant mode

When you work locally on your computer, Git allows you to set the author of your changes and the identity of the committer. This, potentially, makes it difficult for other people to be confident that commits and tags you create were actually created by you. To help solve this problem you can sign your commits and tags. For more information, see "Signing commits" and "Signing tags." GitHub marks signed commits and tags with a verification status.

By default commits and tags are marked "Verified" if they are signed with a GPG or S/MIME key that was successfully verified. If a commit or tag has a signature that can't be verified by GitHub, we mark the commit or tag "Unverified." In all other cases no verification status is displayed.

However, you can give other users increased confidence in the identity attributed to your commits and tags by enabling vigilant mode in your GitHub settings. With vigilant mode enabled, all of your commits and tags are marked with one of three verification statuses.

Signature verification statuses

StatusBeschreibung
VerifiedThe commit is signed, the signature was successfully verified, and the committer is the only author who has enabled vigilant mode.
Partially verifiedThe commit is signed, and the signature was successfully verified, but the commit has an author who: a) is not the committer and b) has enabled vigilant mode. In this case, the commit signature doesn't guarantee the consent of the author, so the commit is only partially verified.
UnverifiedAny of the following is true:
- The commit is signed but the signature could not be verified.
- The commit is not signed and the committer has enabled vigilant mode.
- The commit is not signed and an author has enabled vigilant mode.

You should only enable vigilant mode if you sign all of your commits and tags and use an email address that is verified for your account on GitHub as your committer email address. After enabling this mode, any unsigned commits or tags that you generate locally and push to GitHub will be marked "Unverified."

Du kannst den Verifizierungsstatus Deines signierten Commits oder Tags auf GitHub überprüfen und sehen, warum Deine Commit-Signaturen möglicherweise nicht verifiziert sind. Weitere Informationen finden Sie unter „Verifizierungsstatus Ihrer Commit- und Tag-Signaturen überprüfen“.

Enabling vigilant mode

  1. Klicke in der oberen rechten Ecke einer beliebigen Seite auf Dein Profilfoto und klicke dann auf Settings (Einstellungen). Symbol „Settings" (Einstellungen) auf der Benutzerleiste

  2. Klicke in der Seitenleiste für Benutzereinstellungen auf SSH and GPG keys (SSH- und GPG-Schlüssel). Authentifizierungsschlüssel

  3. On the SSH Settings page, under "Vigilant mode," select Flag unsigned commits as unverified.

    Flag unsigned commits as unverified checkbox

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Oder, learn how to contribute.