I saw "(github.com)" next to the article title and thought that maybe Github was spear-heading some sort of effort to enable folks to more easily set up PGP and sign their commits. Alas.<p>That said, +1 to calling out that we ought to be signing and verifying git-commits.