github · Octomerger · Apr 28, 2021 · Apr 28, 2021 · Apr 28, 2021 · Apr 28, 2021
diff --git a/assets/images/help/commits/signature-verification-statuses.png b/assets/images/help/commits/signature-verification-statuses.png
diff --git a/assets/images/help/commits/vigilant-mode-checkbox.png b/assets/images/help/commits/vigilant-mode-checkbox.png
diff --git a/content/github/administering-a-repository/about-protected-branches.md b/content/github/administering-a-repository/about-protected-branches.md
@@ -47,6 +47,8 @@ For each branch protection rule, you can choose to enable or disable the followi
 - [Allow force pushes](#allow-force-pushes)
 - [Allow deletions](#allow-deletions)
 
+For more information on how to set up branch protection, see "[Managing a branch protection rule](/github/administering-a-repository/managing-a-branch-protection-rule)."
+
 #### Require pull request reviews before merging
 
 {% data reusables.pull_requests.required-reviews-for-prs-summary %}
@@ -100,7 +102,15 @@ When you enable required commit signing on a branch, contributors {% if currentV
 
 {% note %}
 
+{% if currentVersion == "free-pro-team@latest" %}
+**Notes:** 
+
+* If you have enabled vigilant mode, which indicates that your commits will always be signed, any commits that {% data variables.product.prodname_dotcom %} identifies as "Partially verified" are permitted on branches that require signed commits. For more information about vigilant mode, see "[Displaying verification statuses for all of your commits](/github/authenticating-to-github/displaying-verification-statuses-for-all-of-your-commits)."
+* If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.
+
+{% else %}
 **Note:** If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.
+{% endif %}
 
 {% endnote %}
 

diff --git a/content/github/authenticating-to-github/about-commit-signature-verification.md b/content/github/authenticating-to-github/about-commit-signature-verification.md
@@ -1,6 +1,6 @@
 ---
 title: About commit signature verification
-intro: 'Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on {% data variables.product.product_name %} so other people can trust that the changes come from a trusted source.'
+intro: 'Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on {% data variables.product.product_name %} so other people can be confident that the changes come from a trusted source.'
 redirect_from:
   - /articles/about-gpg-commit-and-tag-signatures/
   - /articles/about-gpg/
@@ -16,15 +16,34 @@ topics:
 
 ### About commit signature verification
 
-You can sign commits and tags locally, so other people can verify that your work comes from a trusted source. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, {% data variables.product.product_name %} marks the commit or tag as verified.
+You can sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, GitHub marks the commit or tag {% if currentVersion == "free-pro-team@latest" %}"Verified" or "Partially verified."{% else %}"Verified."{% endif %}
 
 ![Verified commit](/assets/images/help/commits/verified-commit.png)
 
-If a commit or tag has a signature that cannot be verified, {% data variables.product.product_name %} marks the commit or tag as unverified.
+{% if currentVersion == "free-pro-team@latest" %}
+Commits and tags have the following verification statuses, depending on whether you have enabled vigilant mode. By default vigilant mode is not enabled. For information on how to enable vigilant mode, see "[Displaying verification statuses for all of your commits](/github/authenticating-to-github/displaying-verification-statuses-for-all-of-your-commits)."
+
+{% data reusables.identity-and-permissions.vigilant-mode-beta-note %}
+
+#### Default statuses
+
+| Status         | Description |
+| -------------- | ----------- |
+| **Verified**   | The commit is signed and the signature was successfully verified.
+| **Unverified** | The commit is signed but the signature could not be verified.
+| No verification status | The commit is not signed.
+
+#### Statuses with vigilant mode enabled
+
+{% data reusables.identity-and-permissions.vigilant-mode-verification-statuses %}
+
+{% else %}
+If a commit or tag has a signature that can't be verified, {% data variables.product.product_name %} marks the commit or tag "Unverified."
+{% endif %}
 
 Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-signed-commits)."
 
-You can check the verification status of your signed commits or tags on {% data variables.product.product_name %} and view why your commit signatures might be unverified. For more information, see "[Checking your commit and tag signature verification status](/articles/checking-your-commit-and-tag-signature-verification-status)."
+{% data reusables.identity-and-permissions.verification-status-check %}
 
 {% if currentVersion == "free-pro-team@latest" %}
 {% data variables.product.product_name %} will automatically use GPG to sign commits you make using the {% data variables.product.product_name %} web interface, except for when you squash and merge a pull request that you are not the author of. You can optionally choose to have {% data variables.product.product_name %} sign commits you make in {% data variables.product.prodname_codespaces %}. Commits signed by {% data variables.product.product_name %} will have a verified status on {% data variables.product.product_name %}. You can verify the signature locally using the public key available at https://github.com/web-flow.gpg. For more information about enabling GPG verification for your codespaces, see "[Managing GPG verification for {% data variables.product.prodname_codespaces %}](/github/developing-online-with-codespaces/managing-gpg-verification-for-codespaces)."

diff --git a/...icating-to-github/checking-your-commit-and-tag-signature-verification-status.md b/...icating-to-github/checking-your-commit-and-tag-signature-verification-status.md
@@ -17,23 +17,20 @@ topics:
 
 1. On {% data variables.product.product_name %}, navigate to your pull request.
 {% data reusables.repositories.review-pr-commits %}
-3. Next to your commit's abbreviated commit hash, there is a box that shows whether your commit signature is verified or unverified.
+3. Next to your commit's abbreviated commit hash, there is a box that shows whether your commit signature is verified{% if currentVersion == "free-pro-team@latest" %}, partially verified,{% endif %} or unverified.
 ![Signed commit](/assets/images/help/commits/gpg-signed-commit-verified-without-details.png)
-4. To view more detailed information about the commit signature, click **Verified** or **Unverified**.
+4. To view more detailed information about the commit signature, click **Verified**{% if currentVersion == "free-pro-team@latest" %}, **Partially verified**,{% endif %} or **Unverified**.
 ![Verified signed commit](/assets/images/help/commits/gpg-signed-commit_verified_details.png)
 
-If your commit signature is unverified, you can learn more about why by clicking the **Unverified** box.
-![Unverified signed commit](/assets/images/help/commits/gpg-signed-commit-unverified-details.png)
-
 ### Checking your tag signature verification status
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.releases %}
 2. At the top of the Releases page, click **Tags**.
 ![Tags page](/assets/images/help/releases/tags-list.png)
-3. Next to your tag description, there is a box that shows whether your tag signature is verified or unverified.
+3. Next to your tag description, there is a box that shows whether your tag signature is verified{% if currentVersion == "free-pro-team@latest" %}, partially verified,{% endif %} or unverified.
 ![verified tag signature](/assets/images/help/commits/gpg-signed-tag-verified.png)
-4. To view more detailed information about the tag signature, click **Verified** or **Unverified**. If your tag signature is unverified, you can learn more about why by clicking the **Unverified** box.
+4. To view more detailed information about the tag signature, click **Verified**{% if currentVersion == "free-pro-team@latest" %}, **Partially verified**,{% endif %} or **Unverified**. 
 ![Verified signed tag](/assets/images/help/commits/gpg-signed-tag-verified-details.png)
 
 ### Further reading

diff --git a/...nticating-to-github/displaying-verification-statuses-for-all-of-your-commits.md b/...nticating-to-github/displaying-verification-statuses-for-all-of-your-commits.md
@@ -0,0 +1,36 @@
+---
+title: Displaying verification statuses for all of your commits
+shortTitle: Displaying verification for all commits
+intro: You can enable vigilant mode for commit signature verification to mark all of your commits and tags with a signature verification status.
+versions:
+  free-pro-team: '*'
+topics:
+  - identity
+  - access management
+---
+
+{% data reusables.identity-and-permissions.vigilant-mode-beta-note %}
+
+### About vigilant mode
+
+When you work locally on your computer, Git allows you to set the author of your changes and the identity of the committer. This, potentially, makes it difficult for other people to be confident that commits and tags you create were actually created by you. To help solve this problem you can sign your commits and tags. For more information, see "[Signing commits](/github/authenticating-to-github/signing-commits)" and "[Signing tags](/github/authenticating-to-github/signing-tags)." {% data variables.product.prodname_dotcom %} marks signed commits and tags with a verification status. 
+
+By default commits and tags are marked "Verified" if they are signed with a GPG or S/MIME key that was successfully verified. If a commit or tag has a signature that can't be verified, {% data variables.product.prodname_dotcom %} marks the commit or tag "Unverified." In all other cases no verification status is displayed.
+
+However, you can give other users increased confidence in the identity attributed to your commits and tags by enabling vigilant mode in your {% data variables.product.prodname_dotcom %} settings. With vigilant mode enabled, all of your commits and tags are marked with one of three verification statuses.
+
+![Signature verification statuses](/assets/images/help/commits/signature-verification-statuses.png)
+
+{% data reusables.identity-and-permissions.vigilant-mode-verification-statuses %}
+
+You should only enable vigilant mode if you sign all of your commits and tags. After enabling this mode, any unsigned commits or tags that you generate locally and push to {% data variables.product.prodname_dotcom %} will be marked "Unverified."
+
+{% data reusables.identity-and-permissions.verification-status-check %}
+
+### Enabling vigilant mode
+
+{% data reusables.user_settings.access_settings %}
+{% data reusables.user_settings.ssh %}
+3. On the SSH Settings page, under "Vigilant mode," select **Flag unsigned commits as unverified**.
+
+   ![Flag unsigned commits as unverified checkbox](/assets/images/help/commits/vigilant-mode-checkbox.png)
diff --git a/content/github/authenticating-to-github/index.md b/content/github/authenticating-to-github/index.md
@@ -82,6 +82,7 @@ topics:
     {% link_in_list /error-were-doing-an-ssh-key-audit %}
 {% topic_link_in_list /managing-commit-signature-verification %}
     {% link_in_list /about-commit-signature-verification %}
+    {% link_in_list /displaying-verification-statuses-for-all-of-your-commits %}
     {% link_in_list /checking-for-existing-gpg-keys %}
     {% link_in_list /generating-a-new-gpg-key %}
     {% link_in_list /adding-a-new-gpg-key-to-your-github-account %}

diff --git a/content/github/developing-online-with-codespaces/about-billing-for-codespaces.md b/content/github/developing-online-with-codespaces/about-billing-for-codespaces.md
@@ -12,18 +12,4 @@ topics:
 
 {% data reusables.codespaces.about-billing-for-codespaces %}
 
-Compute costs are incurred only when a codespace is active. When you're using a codespace, the codespace is active. After 30 minutes of inactivity, a codespace becomes suspended automatically. 
-
-Compute usage is billed per hour, at a rate that depends on your codespace's instance type. During the beta, {% data variables.product.prodname_codespaces %} offers a single, Linux instance type. At general availability, we'll support three Linux instance types.
-
-| Instance Type (Linux)                   | Per-hour rate |
-| --------------------------------------- | ------------- |
-| Basic (2 cores, 4GB RAM, 32 GB SSD)     | $0.085        |
-| Standard (4 cores, 8 GB RAM, 32 GB SSD) | $0.169        |
-| Premium (8 cores, 16 GB RAM, 32 GB SSD) | $0.339        |
-
-Compute pricing may vary for additional instance types and operating systems supported in the future.
-
-Each codespace also incurs monthly storage costs until you delete the codespace. Storage costs for all instance types are $0.10/GB-month.
-
-We'll share more information about any compute and storage usage included in each plan at general availability.
+Updates on the billing model for Codespaces will be shared in an upcoming announcement.
diff --git a/data/reusables/identity-and-permissions/verification-status-check.md b/data/reusables/identity-and-permissions/verification-status-check.md
@@ -0,0 +1 @@
+You can check the verification status of your signed commits or tags on {% data variables.product.product_name %} and view why your commit signatures might be unverified. For more information, see "[Checking your commit and tag signature verification status](/articles/checking-your-commit-and-tag-signature-verification-status)."
diff --git a/data/reusables/identity-and-permissions/vigilant-mode-beta-note.md b/data/reusables/identity-and-permissions/vigilant-mode-beta-note.md
@@ -0,0 +1,5 @@
+{% note %}
+
+**Note:** Vigilant mode is currently in beta and subject to change.
+
+{% endnote %}
diff --git a/data/reusables/identity-and-permissions/vigilant-mode-verification-statuses.md b/data/reusables/identity-and-permissions/vigilant-mode-verification-statuses.md
@@ -0,0 +1,5 @@
+| Status         | Description |
+| -------------- | ----------- |
+| **Verified**   | The commit is signed, the signature was successfully verified, and the committer is the only author who has enabled vigilant mode. 
+| **Partially&nbsp;verified** | The commit is signed, and the signature was successfully verified, but the commit has an author who: a) is not the committer and b) has enabled vigilant mode. In this case, the commit signature doesn't guarantee the consent of the author, so the commit is only partially verified.
+| **Unverified** | Any of the following is true:<br>- The commit is signed but the signature could not be verified.<br>- The commit is not signed and the committer has enabled vigilant mode.<br>- The commit is not signed and an author has enabled vigilant mode.<br>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		You can check the verification status of your signed commits or tags on {% data variables.product.product_name %} and view why your commit signatures might be unverified. For more information, see "[Checking your commit and tag signature verification status](/articles/checking-your-commit-and-tag-signature-verification-status)."