Having access to a code base to which you can make changes to poses some risks besides the obvious benefits. Commit signing is a great way to make sure of the individual's identity who is making these changes, and not just someone who gained access to the contributors' git account.
The following packages are required: