This tool can help to ensure that commits have not been falsely authored. For
example, if you receive an ease.js repository from a friend, there is no way to
verify that a commit from "Mike Gerwitz" is actually a commit from myself unless
it has been signed using my private key. This additional check will help to
ensure the integrity of the repository.
Please note that automated systems should *not* invoke this utility directly
from this repository, unless it is invoked using a previously trusted commit.
Otherwise, an attacker need only alter the script to competely evade the check.
Mike Gerwitz