Hi, Github just added [0] support for verifying GPG signatures of Git commits to the web interface.
Under the settings page [1] you can now add your public GPG key so Github can verify it. It's rather simple: $ gpg --armor --export w...@widodh.nl That gave me my public key which I could export. Git already supports signing [2] commits with your key. This makes me wonder, is this something we want to enforce? To me it seems like a good thing to have. Wido [0]: https://github.com/blog/2144-gpg-signature-verification [1]: https://github.com/settings/keys [2]: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work