Why

Having a stable cryptographic identity across machines, git hosts, and e-mail makes collaboration safer and makes ownership verifiable. The public key is pinned on a keyserver so anyone can verify signed commits or encrypted e-mail without trust anchors beyond the key fingerprint.

What

• Primary GPG key generated with a sensible expiration policy and revocation certificate stored offline.
• Subkeys per machine for signing-only and encryption, rotated independently of the primary key.
• git config --global commit.gpgsign true so every commit carries a signature.
• Public key published at keyserver.ubuntu.com.

Usage

Contact e-mail: tim@heinemann.foo. Verify signed commits via the fingerprint on the keyserver.