GitHub add support for GPG Signature Verification

It’s official, GitHub has announced (as of April 5th 2016) that they will now be supporting GPG-signed commit verification!

GitHub GPG Verified Commit Signature

A series of gpg-signed commits, showing the signature verification on GitHub

GitHub now shows signed git commits and tags with a green “Verified” button, not only indicating that the commit or tag is signed, but validating the GPG signature against the keys that are known to that user (set in your GitHub account settings)

The signature verification is also visible within Pull Requests, which is a great feature for large open-source projects to verify that code from trusted project members is really from the right people.

Why Signed Commits Are Important

Continue reading