Comment by gocartStatue
7 years ago
> It might not be directly integrated with git
That's the problem I see. I have signingkey in .gitconfig, together with [commit] gpgsign = true. This way, set & forget, all my commits are signed (it's my employer requirement, probably some "compliance" stuff). You can see it right away nicely displayed as "Verified" on github. I didn't know about GPG-s supposedly weak security until now, but always considered it not very convenient to use.
Ah, well if your employer mandates PGP signatures on every commit, that's that.
FWIW, the creator of git argues that signing of every commit is essentially pointless. [1] I agree.
[1] http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-t...