Looking forwards to when this gets added to git in v2.34. Setting up pgp for commit signing is such a pain. Yet since ssh is installed everywhere and I'm using it for git anyways, that's one less setup step to worry about.
Is it a pain? At it's most basic, it's just one line of config in .git/config. The hard part is keeping track of historical keys and revocations, so that historical commits can be validated if they were made before (but not after) a revocation. And when that happens, you immediately run into the problem that time information in git offers zero security, and that the whole operation is moot.