
What is the difference between git commit -S and -s?


I recently got to know about signed commits and they are recommended. We can sign commits locally with git commit -S. After that I read the git man page and there was an option called -s (used as git commit -s) and it said that option signs the commit. When I look up -S it says that it signs the commit with GPG keys.

I am setting up signed commits with GPG keys in GitHub. Does this make a difference when pushing or is it the same when it comes to pushing to remote?


Solution

  • -S (short for --gpg-sign) uses GnuPG to sign your commit, adding a PGP signature to it. This is a cryptographic signature certifying that the owner of the GPG key, or an actor who has access to it, is making that commit / tag.

  • -s (short for --signoff) adds "Signed-off-by: Username<Email>" to the end of your commit message. Anyone could put this string inside the commit message (so it is not any guarantee of the authorship), but it has been used to uphold copyright. Some projects require this for DCO ("Developer Certificate of Origin") -- essentially a certification that the developer has certified that they have permission to contribute the code.
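To make the distinction concrete, here is an added example (not part of the original answer): a Python sketch that parses constructed raw commit objects, laid out the way `git cat-file commit` prints them, and reports whether a signature header is present and which sign-off trailers the message carries. The helper names, identities and signature body are assumptions made up for illustration.

```python
import re

def raw_commit(message, signature=None, author="Alice Example <alice@example.com>"):
    """Build a constructed raw commit object (layout of `git cat-file commit`)."""
    head = ["tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904",  # git's empty-tree id
            f"author {author} 1700000000 +0000",
            f"committer {author} 1700000000 +0000"]
    if signature:
        # -S: the signature is a commit *header*; continuation lines start with a space.
        head.append("gpgsig " + signature.replace("\n", "\n "))
    return "\n".join(head) + "\n\n" + message

# Placeholder armor, not a real signature.
FAKE_SIG = "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----"

def inspect_commit(raw):
    """Report where each kind of 'signing' lives in a raw commit object."""
    head, _, message = raw.partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:      # continuation of a multi-line header
            headers[key] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers[key] = value
    # -s: the sign-off is plain text in the last paragraph of the message.
    last_para = message.strip().split("\n\n")[-1]
    signoffs = re.findall(r"^Signed-off-by: (.+)$", last_para, re.M)
    author = re.sub(r" \d+ [+-]\d{4}$", "", headers.get("author", ""))
    return {
        # Presence only; checking validity is the job of `git verify-commit`.
        "has_signature_header": "gpgsig" in headers,
        "signature": headers.get("gpgsig"),
        "signoffs": signoffs,
        "signoff_matches_author": author in signoffs,
    }

if __name__ == "__main__":
    samples = {
        "commit -s": raw_commit("Fix typo\n\nSigned-off-by: Alice Example <alice@example.com>\n"),
        "commit -S": raw_commit("Fix typo\n", FAKE_SIG),
        # Trailer typed by hand naming someone else: nothing cryptographic backs it.
        "edited trailer": raw_commit("Fix typo\n\nSigned-off-by: Bob Example <bob@example.com>\n"),
    }
    for name, raw in samples.items():
        report = inspect_commit(raw)
        print(name, report["has_signature_header"], report["signoffs"])
```

A policy that requires signed commits should therefore key on signature verification, and treat the trailer only as the DCO statement it is.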