1 files changed, 8 insertions, 3 deletions

diff --git a/ci/lint/06_script.sh b/ci/lint/06_script.sh
index c3c7619ef7..f7dacd8512 100755
--- a/ci/lint/06_script.sh
+++ b/ci/lint/06_script.sh
@@ -23,10 +23,15 @@ test/lint/git-subtree-check.sh src/crc32c
 test/lint/check-doc.py
 test/lint/lint-all.sh
 
-if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ -n "$CIRRUS_CRON" ]; then
-    git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then
+    # Sanity check only the last few commits to get notified of missing sigs,
+    # missing keys, or expired keys. Usually there is only one new merge commit
+    # per push on the master branch and a few commits on release branches, so
+    # sanity checking only a few (10) commits seems sufficient and cheap.
+    git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+    git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-git-root
     ${CI_RETRY_EXE}  gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) &&
-    ./contrib/verify-commits/verify-commits.py --clean-merge=2;
+    ./contrib/verify-commits/verify-commits.py;
 fi
 
 echo