Signed Git Commits - How do I redact email?

I wish to provide GPG signing with my local keys moving forward. However, when I do, in order to be marked as Verified, I need to set my ~/.gitconfig email value to the GPG email address (which must be verified within github).

This is not what I want, I want to redact that data to reduce the likelihood of spam from git repo crawlers. How can I achieve this?

You can use a GitHub e-mail address for commits. You can activate this in Settings → Emails

You can also, as you see, block pushes if it doesn’t match the GitHub address.

More information can be found here: Setting your commit email address - GitHub Docs

I tried setting my email to that value, the commit signing message is The email in this signature doesn’t match the committer email.

Did you follow the documentation and set your git config to the GitHub address?
When I updated this, I had no problems.

There is also a related thread: The email in this signature doesn’t match the committer email. - #3 by goingfast
Regarding this, your issue could also be related to wrong GPG settings.

I tried with both and with settings as per your screenshots above, both situations are marked as ‘unverified’. When I use the email address specified with the GPG key, it is marked as verified.

Unsure what I might be doing wrong…

The email address from the GPG should the same as the GitHub email address from your email settings. If you used a different email address for GPG signing, then it’s obviously not working.
Since I don’t know what exactly you did, I just can point to the referenced documentation.
I followed it step by step and it worked on the first try. So re-verify every single step from this documentation first, before asking for further help.

Ah, the issue was that my GPG key was not bound to the github noreply address, once I modified the GPG key to support the email, it worked. Thank you for your help.

@Github team, some extra troubleshooting data within the UI on your end would be nice :slight_smile: