with signed & verified git commits
Git supports signing commits with a private key and GitHub (& many other git servers) supports verifying those commits with a public key.
Signed and verified commits are marked as “Verified” by GitHub. This provides a level of verification for the commit.
Why sign the commits?
When creating a new commit, I can simply…