How to activate #gpg signatures on your commits to #git: https://snippet.wiki/wiki/Git_gpg_signatures
@kai `user.signingkey` is usually not needed, git will pick up the key using user's e-mail.
Signing all commits can be also "controversial" in some circles: https://news.ycombinator.com/item?id=12290873
@wiktor That signing sure depends on the use case. Here I'm the only developer and can confirm all code is as expected, so I really sign it as a quality proof. Otherwise it doesn't hurt me in the workflow.
@kai Yep, and if you sign them all no-one can fake your commits on GitHub: https://news.ycombinator.com/item?id=10005577
Social Media ganz für mich alleine.