A "verified" commit is a commit which has been signed with a GPG key that GitHub has been told about. Git itself has supported signing commits with a GPG key for a while, but GitHub only recently added this feature, which makes it quick and easy to see if a commit has been verified.

This feature prevents impersonating another user's commits. For example, if Linus Torvalds used it, you could easily tell that this commit has been forged.

Create a Keybase.io Account

At Promptworks, we love using Keybase.io to easily share encrypted data, manage our public keys, and verify our online identities. In addition to these great features, we can now use it to verify our commits on GitHub as well.

Keybase is currently invite only, but once you are able to get ahold of an invite, accept the invitation and follow along: