4
gitpush
6y

Question about GPG:

So I understood the concept and successfully applied it to my GitLab, but how helpful is it?

From what I understood, it helps detect which commits are from verified authors and which are from just someone who has access?

I'd appreciate it if someone explained more about how helpful it is :)

Comments
  • 3
    Oh I just came through this: https://git-scm.com/book/en/...

    Not sure why I didn't see it in the first place. But now I get it, just leaving this rant in case it helps someone else :)
  • 1
    Only he who has the private key can produce a valid signature, so everybody knows that it was indeed he who wrote this commit.

    I love the whole idea of gpg but sadly not many people use it. Security is not that hard, guys!
  • 0
    @TobyAsE if I may ask, something happened yesterday when I was setting it up:

    I had the wrong user.name and user.email in my git config, so it showed up as unverified.

    But I used the correct credentials to push my commit, so since I have the private key, just wrong git info, why was it unverified?

    Still confused a bit on this
  • 1
    @gitpush you can put additional email addresses into GitLab to verify your signatures if you signed up to GitLab with a different address than what is stored in your key. Took me a little while too. I also did this yesterday ;)
  • 1
    @TobyAsE aaaah ok thanks for the info man :D

    I guess I'll need to read more about it lol
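
The mismatch discussed in this thread, as an added example (not code from any poster or from GitLab): a local check that the address in git's `user.email` appears as a user ID on the signing key, parsing `gpg --list-keys --with-colons` output. The function names, the case-insensitive comparison and the sample key listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the e-mail addresses from the uid records of
# `gpg --list-keys --with-colons` output read on stdin.
# Field 1 is the record type, field 2 the validity, field 10 the user ID.
# Revoked (r) and expired (e) user IDs are skipped.
key_emails() {
    awk -F: '$1 == "uid" && $2 != "r" && $2 != "e" {
        if (match($10, /<[^>]+>/))
            print tolower(substr($10, RSTART + 1, RLENGTH - 2))
    }'
}

# Succeed if the committer address ($1) equals one of the key's uid
# addresses. Comparison is case-insensitive (an assumption of this example).
committer_matches_key() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    key_emails | grep -Fxq -- "$want"
}

# Constructed sample listing: one valid uid, one revoked uid.
sample_key() {
cat <<'EOF'
pub:u:4096:1:0123456789ABCDEF:1546300800:::u:::scESC::::::23::0:
uid:u::::1546300800::0000000000000000000000000000000000000000::Jane Dev <jane@example.com>::::::::::0:
uid:r::::1546300800::1111111111111111111111111111111111111111::Jane Dev <old@example.com>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1546300800::::::e::::::23:
EOF
}

# Demo on the constructed sample. Against a real setup the input would be:
#   gpg --list-keys --with-colons "$(git config user.signingkey)" \
#     | committer_matches_key "$(git config user.email)"
for addr in jane@example.com wrong@example.com old@example.com; do
    if sample_key | committer_matches_key "$addr"; then
        echo "$addr: matches a valid uid on the key"
    else
        echo "$addr: no valid uid on the key has this address"
    fi
done
```

A valid signature made with an address that fails this check still proves possession of the private key; the commit just cannot be tied to the identity the key claims.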