dhuseby / did-git-spec

Proposed specification for the did:git: method
Apache License 2.0

Should we use Linked Data Proofs for signatures? #9

Open dhuseby opened 5 years ago

dhuseby commented 5 years ago

I think it is a good idea for us to use Linked Data Proofs for the signatures that are stored in Git commits. This seems like the right thing to do.

OR13 commented 5 years ago

I agree, I've been working to try and create a Signature Suite that supports OpenPGP, hoping it might help with exactly this linkage (commits and proofs signed by GPG keys!)...

I'm still seeking another editor for the signature suite proposal:

https://github.com/w3c-ccg/community/issues/71

There are also RSA signature suites which might be compatible, but more investigation is needed, I think:

https://github.com/transmute-industries/RsaSignature2017

https://github.com/digitalbazaar/jsonld-signatures

Finding a suite that is compatible with GPG seems like a requirement for this, but I suppose a mixed keys approach could be used, and might even be advisable: single proof purpose per key.