this is used to make a difference between a committer email that belongs
to user, where the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.