GitHub is the victim of widespread malware attacks that affect projects including crypto

To ensure that all revisions can be verified, the developer who discovered the vulnerability asked developers to sign their revisions using the GPG key.

Jon
Opinion writer on 7trade7