It's very easy to spoof the author of a git commit that has not been signed. Take a look at these commits "from" Linus Torvalds (the creator of Git): https://goo.gl/33Xd6e
GitHub supports commit signing. Krypton makes it easy to create a PGP key and sign your commits. Get started in just a few minutes. Download Krypton now to protect your work.