This one will be simple and short.
You're already using GPG to sign your emails?
Well, then simply sign your git commits as well!
To set this up globally, two commands are enough:

    git config --global user.email "firstname.lastname@example.org"
    git config --global user.signingkey 00000000
If you want to sign commits with a different key and associated email address, the same commands can be used without --global inside a git repository:

    git config user.email "email@example.com"
    git config user.signingkey FFFFFFFF
When committing changes, -S must be added to the git commit command:

    git commit -S -m "some commit message"
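To check afterwards which commits in a history really carry a valid signature, git can print a one-letter status per commit through the %G? format placeholder. The following is an added example, not part of the original post: the function name audit_signatures is hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: classify commits by git's %G? signature status code.
# Input lines look like "<commit> <status> <signer...>", as produced by
#   git log --format='%h %G? %GS'

# Constructed sample (hashes and signer are made up for illustration).
SAMPLE_LOG='a1b2c3d G Firstname Lastname <firstname.lastname@example.org>
b2c3d4e N
c3d4e5f U Firstname Lastname <firstname.lastname@example.org>
d4e5f6a B Firstname Lastname <firstname.lastname@example.org>
e5f6a7b E'

# Print one line per commit that is not fully verified.
# Returns 1 if at least one such commit exists, 0 otherwise.
audit_signatures() {
    awk '
        BEGIN {
            why["N"] = "no signature"
            why["B"] = "bad signature"
            why["U"] = "good signature, key validity unknown"
            why["X"] = "good signature, but it has expired"
            why["Y"] = "good signature made by an expired key"
            why["R"] = "good signature made by a revoked key"
            why["E"] = "cannot check (public key missing?)"
        }
        NF == 0    { next }   # skip blank lines
        $2 == "G"  { next }   # good signature from a valid key
        {
            reason = ($2 in why) ? why[$2] : "unknown status " $2
            print $1 ": " reason
            failed = 1
        }
        END { exit failed ? 1 : 0 }
    '
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | audit_signatures || true
```

On a real repository, feed it with git log --format='%h %G? %GS' | audit_signatures. A "U" status usually means the signing key is in your keyring but has not been given a trust level yet.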
Last but not least: if you're a bit lazy you might want to use a function for your fish shell.
Besides being trusted via your well-known PGP key, this also gives you a nice "Verified" box on GitHub.