Git is cryptographically secure, but it’s not foolproof. If you’re taking work from others on the internet and want to verify that commits are actually from a trusted source, Git has a few ways to sign and verify work using GPG.
Introduction to GPG First of all, if you want to sign anything you need to get GPG configured and your personal key installed.
hzxie@XieHaozhe-PC:~$ gpg --list-keys /home/hzxie/.gnupg/pubring.gpg ------------------------------ pub 1024D/381BA480 2007-02-15 uid Johannes Ranke (CRAN Debian archive) <jranke@uni-bremen.de> pub 4096R/3DBF9592 2016-03-28 uid Haozhe Xie (GPG key for GitHub) <cshzxie@gmail.com> sub 4096R/BFEB9969 2016-03-28 If you don’t have a key installed, you can generate one with gpg --gen-key.
If you are or want to be an open-source developer, you must try GitHub. It is a new hosted Git repository service that’s being called a “social network” for programmers. It is basically a distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Setup SSH key Generate SSH Key If you have created your account at GitHub and now you want to work with it from your terminal.