It’s extremely easy to falsify author information with Git and have it appear as if someone else made a given commit. This could lead to malicious code making its way into your repo with legit looking author info. Using GnuPG (GPG) developers can sign, and others can verify, commits are truly from the right person. Read on to find out how…