How to activate #gpg signatures on your commits to #git: https://snippet.wiki/wiki/Git_gpg_signatures
@kai `user.signingkey` is usually not needed, git will pick up the key using user's e-mail.
Signing all commits can be also "controversial" in some circles: https://news.ycombinator.com/item?id=12290873
@wiktor That signing sure depends on the use case. Here I'm the only developer and can confirm all code is as expected, so I really sign it as a quality proof. Otherwise it doesn't hurt me in the workflow.
@kai Yep, and if you sign them all no-one can fake your commits on GitHub: https://news.ycombinator.com/item?id=10005577
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!