Signing your commits in git

We’ll need your signature, mister

I’ve gotten into the habit at work of signing my commits in git with my GPG key. It adds an extra layer of integrity to the source code, as it enables us to know who produced each commit (if the practice is followed widely).

It requires some initial configuration, but after that, it adds very little overhead.

Even if your organization doesn’t have a policy requiring it, I think it’s still…