If user is a pgp signer, gitroot will not work. We need to relaxe the check of 1 ssh key == 1 pusher == 1 signer. Make signing optional should be enough.
1 ssh key == 1 pusher == 1 signer