diff --git a/pkg/cmd/attestation/verify/policy.go b/pkg/cmd/attestation/verify/policy.go
index d6b55abc0..99e3ea94e 100644
--- a/pkg/cmd/attestation/verify/policy.go
+++ b/pkg/cmd/attestation/verify/policy.go
@@ -74,8 +74,8 @@ func newEnforcementCriteria(opts *Options) (verification.EnforcementCriteria, er
 		c.Certificate.SourceRepositoryOwnerURI = fmt.Sprintf("https://github.com/%s", opts.Owner)
 	}
 
-	// If the OIDCIssuer option has been set, use that custom value
-	// Otherwise check if tenant is provided, select the appropriate default based on that
+	// if issuer is anything other than the default, use the user-provided value;
+	// otherwise, select the appropriate default based on the tenant
 	if opts.OIDCIssuer != verification.GitHubOIDCIssuer {
 		c.Certificate.Issuer = opts.OIDCIssuer
 	} else {