It says cryptographically unverified, when it in fact _is_ cryptographically verified.
I'd suggest Github changes this scenario to `partially verified` at the very least (as opposed to "WARNING! WARNING! UNVERIFIED!", but ideally I'd like to be allowed to set whatever author email I want in my git commits, without that impeding on the veracity of my GPG signatures.
My use-case is to not spread an email I care about more than I have to. Enough trawlers already - few if any care to parse GPG keys and extract (it seems).
9/10 times (in my personal experience) they just trawl github commit logs with a webscraping service instead.
Those who think that they must match (that the git commit/tag author email gives any security at all) have a nasty surprise-in-waiting.
