Definitely will mean some interesting things for Git workflows, though. I've long been in favor of requiring every commit to be signed, and making that easy to enforce either in merges or push hooks. On the other hand, Linus is publicly against it[2], with good reasoning, though I don't think compelling enough reason[3].
Signing every commit would completely break the common pattern of handling merges centrally. Most companies, unlike kernel development, have a centralized server with a "trunk" and code review is done as part of that. Signing every commit with your SSH key would break that model, badly, but it could instead be an opportunity to improve the git tooling.
One of my favorite features of the now-defunct Phabricator was that you typically merged your commits with `arc land`, which a) squashed and annotated your merge with the Phabricator code review metadata and b) Deleted your branch. The latter was especially handy, but the former made code review great. Github and Gitlab can do the same as part of their UI, but it would be far better if it were nicely integrated with your existing git workflow, and this would be the opportunity to add prepush hooks to nicely integrate with hosting sites and code review tools.
[1]https://docs.aws.amazon.com/cli/latest/reference/ec2/get-pas... [2]https://web.archive.org/web/20201111174438/http://git.661346... - There has to be a better archive of this mailing list than the wayback machine. Searching for this, though, led me to my previous comment[3] [3] https://news.ycombinator.com/item?id=12291462