Today I learned that you can sign your git commit with GPG. Before you can sign your commit, you need to have a GPG keypair configured on your machine.
To generate a GPG keypair, run the following command.
Once you have a GPG keypair, you can sign your commit with
git commit -S -m "your commit message"
You can sign all commits by default in any local repository by running the following command.
git config --global commit.gpgsign true
You can also add your GPG key to your Github account so that they can verify your commits’ signature.