It’s pretty clear that GPG signing and GitHub ssh keys serve different purposes
But what is the use of GPG signing commits? Is it just that you know that commit
abcd1234 was signed by Alice’s key? Is there anything else that GPG signing a commit is useful for?