A cool feature of using `git` for dependencies is that you can verify signatures of the commits when pulling them into a project.