Signing Verification Settings
The Signing Verification settings control how AllSpice validates commit signatures to ensure authenticity, accountability, and compliance with your team’s security policies.
Commit signing helps guarantee that changes come from trusted contributors and have not been tampered with. These settings let you determine the level of strictness required for your repository.
Signature Trust Models
AllSpice supports multiple trust models for commit signature verification. Each model defines whose signatures are considered valid and under what conditions.
Choose the model that best matches your team’s workflow and security requirements.
Default Trust Model
Uses the site-wide signature trust policy defined by your organization or instance administrator.
Why choose this:
If your team already enforces consistent signing rules across your entire instance, this option ensures the repository follows the same organization-wide security posture without requiring repo-level customization.
Collaborator
Any valid signature from a repository collaborator is trusted, even if the signature does not match the committer identity.
Why choose this:
Useful for teams where:
- Multiple people share automation or service accounts
- Contributors commit on behalf of others
- You need flexibility without strict identity matching
This model prioritizes ease of collaboration while still ensuring signatures come from trusted team members.
Committer
Only signatures that match the committer identity are trusted.
Because AllSpice re-signs commits (AllSpice becomes the committer for signed commits), the actual authors and committers are recorded in the commit message through the following trailers:
- Co-authored-by:
- Co-committed-by:
This requires the default AllSpice signing key to map to a valid user.
Why choose this:
Select this model if you need strict identity assurance—for example:
- Compliance or audit workflows
- Repositories with strict traceability requirements
- Teams that must guarantee each commit is signed by the person attributed as the committer
Collaborator + Committer
A hybrid approach: valid signatures from collaborators are trusted only if the signature also matches the committer identity.
Why choose this:
This model combines the security of committer-matching with the practicality of collaborator trust. It prevents impersonation but still allows teams to collaborate using shared workflows, bots, or review processes.
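To make the difference between the models concrete, below is an illustrative Python model of the decision each trust model makes, written for this page as an added example; it is not AllSpice's implementation. The email addresses, the collaborator set, the site-wide default chosen for the Default Trust Model, and the status labels are assumptions made for illustration. The example also parses the Co-authored-by / Co-committed-by trailers that record the responsible people when the instance re-signs a commit, so an auditor can still recover who is attributed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample identities (hypothetical, not from the page).
INSTANCE_SIGNER = "allspice-instance@example.com"  # user the default signing key maps to
COLLABORATORS = {"alice@example.com", "bob@example.com", INSTANCE_SIGNER}
SITE_DEFAULT_MODEL = "collaborator+committer"       # assumed site-wide policy

# Commit message trailers used when the instance re-signs a commit.
TRAILER_RE = re.compile(
    r"^(?P<key>Co-authored-by|Co-committed-by):\s*(?P<name>[^<]*?)\s*<(?P<email>[^>]+)>\s*$",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Commit:
    committer_email: str            # identity in the commit's committer field
    signer_email: Optional[str]     # user the signing key maps to; None if the key maps to no user
    signature_valid: bool           # cryptographic check, assumed already done upstream
    message: str = ""


def parse_trailers(message: str) -> dict:
    """Collect Co-authored-by / Co-committed-by emails from a commit message."""
    out = {"Co-authored-by": [], "Co-committed-by": []}
    for m in TRAILER_RE.finditer(message):
        out[m.group("key")].append(m.group("email").lower())
    return out


def trust_status(commit: Commit, model: str, collaborators=COLLABORATORS,
                 site_default: str = SITE_DEFAULT_MODEL) -> str:
    """Return one of 'unverified', 'untrusted', 'unmatched', 'trusted'.

    unverified : signature failed, or the key maps to no known user
    untrusted  : valid, but the signer is not a collaborator (collaborator models)
    unmatched  : valid, but the signer is not the committer (committer models)
    trusted    : accepted under the chosen model
    """
    if model == "default":
        model = site_default   # Default Trust Model defers to the site-wide policy
    if not commit.signature_valid or commit.signer_email is None:
        return "unverified"
    is_collaborator = commit.signer_email in collaborators
    matches_committer = commit.signer_email == commit.committer_email
    if model == "collaborator":
        return "trusted" if is_collaborator else "untrusted"
    if model == "committer":
        return "trusted" if matches_committer else "unmatched"
    if model == "collaborator+committer":
        if not is_collaborator:
            return "untrusted"
        return "trusted" if matches_committer else "unmatched"
    raise ValueError(f"unknown trust model: {model}")


def attributed_identities(commit: Commit, instance_signer: str = INSTANCE_SIGNER) -> list:
    """People actually responsible for a commit: the committer, or, when the
    instance re-signed it, the identities carried in the trailers."""
    if commit.committer_email != instance_signer:
        return [commit.committer_email]
    trailers = parse_trailers(commit.message)
    return trailers["Co-committed-by"] + trailers["Co-authored-by"]


if __name__ == "__main__":
    # Constructed sample: a commit re-signed by the instance on behalf of Bob and Alice.
    resigned = Commit(
        committer_email=INSTANCE_SIGNER, signer_email=INSTANCE_SIGNER, signature_valid=True,
        message="Update schematic\n\nCo-authored-by: Alice <alice@example.com>\n"
                "Co-committed-by: Bob <bob@example.com>\n",
    )
    for model in ("collaborator", "committer", "collaborator+committer", "default"):
        print(model, trust_status(resigned, model))
    print("attributed to:", attributed_identities(resigned))
```

The third case in the test below is the one that separates the models: a commit whose committer field names a bot account but which was signed with a collaborator's key is trusted under Collaborator and rejected as unmatched under both committer-matching models, which is exactly the impersonation the Committer and Collaborator + Committer models exist to prevent.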