I have to admit I only skimmed a lot of this extremely long winded rant and didn't get to the end, but AFAICT they're claiming the only "benefit" is a "little verified tick" and that one of the cons is accepting responsibility for previous commits.
I don't think either of those is a fair or accurate assessment.
A signed commit tells you exactly one thing: the person who made the commit is who they say they are, according to the signing key used.
That's it. It's essentially a defence against the nature of git where commits are decoupled from centralised authentication, and thus anyone can make a commit with anyone's name on it.
Signing doesn't prevent you making the commit in the name of someone else (unless you reject unsigned commits) but it stands out as being unsigned.
I don't think either of those is a fair or accurate assessment.
A signed commit tells you exactly one thing: the person who made the commit is who they say they are, according to the signing key used.
That's it. It's essentially a defence against the nature of git where commits are decoupled from centralised authentication, and thus anyone can make a commit with anyone's name on it.
Signing doesn't prevent you making the commit in the name of someone else (unless you reject unsigned commits) but it stands out as being unsigned.