This post details how to set-up GPG to sign your commits/tags, as well as adding your GPG public keys to your GitHub account.
In this blog post, I will detail how you can set-up their system such that they can use a GPG key to sign their git commits/tags and why you need to.
Judging from the title of this post you are probably wondering, why should I even sign my commits or what is GPG and what difference does this make. You would also probably be like, I have been pushing code to GitHub for ages and why do I need to sign my commits now...
According to their <href=https://gnupg.org/">website: