By using cryptographic signing of commits, it is possible to verify the true identity of the committer. Revisions can be signed automatically at the time they are committed, or later manually. Signed commits are verified automatically when viewing the logs, or can be verified manually.
There are a few things to prepare in order to use signatures with Bazaar:
gpgmePython module for working with GnuPG
Getting a digital signature key for signing is beyond the scope of this book. Please refer to the following article for more information: