Super useful, thanks a lot! Do you happen to know what happens when a signed commit gets cherry-picked/rebased by someone else? I assume the signature would then be invalid. In the git documentation I see an option for these commands to sign or not the rebased/cherry-picked commit, but they don't say whether the now-invalid signature gets removed or not by default.

Actually yes, but I had to ask too. The cherry-picker person’s sig replaces the original, signing the new data.

This is great - and refreshingly real!!