Signing GitHub Commits

This one is going to be a more technical post on how to sign commits. I will write a separate blog post about key signing and GPG in particular later. This guide is written for everyone. It doesn’t matter if you have never used GPG before or you are the creator of it. Why sign commits at all? While git cryptographically is secure, you cannot be sure that work really comes from a specific person that claims to be the source of it. »