Should write an article about PGP signatures. I.e. by creating a PGP key and enabling PGP signatures in Git, your individual commits show up as verified on GitHub, like this:
To enable it, it basically comes down to generating a PGP key specifically designed for Code Signatures, preferably one with C and S keys only (Certify and Sign), then it comes down to making Git use them.
git config user.name <GitHub username>
git config user.email <Email address of the PGP key>
git config user.signingkey <PGP key for code signing>
git config gpg.program gpg2
git config commit.gpgsign true
Should write an article about PGP signatures. I.e. by creating a PGP key and enabling PGP signatures in Git, your individual commits show up as verified on GitHub, like this:
To enable it, it basically comes down to generating a PGP key specifically designed for Code Signatures, preferably one with C and S keys only (Certify and Sign), then it comes down to making Git use them.