Quoth Joshua Haase:
> It's not so much work if git is configured to always sign and/or the
> package build system signs by default.

Configuring git to sign every commit is a pain if you have a passphrase on your gpg key, or it's tied to a smartcard; entering that every time you commit makes the process a lot more annoying. Yes, I'm sure you could configure gpg-agent to some mode to mitigate that somewhat, but I don't think it's worth it. Just for each tag would be fine.