In the old days, we had "signing parties" where your friends in meatspace would sign your key and that was robust. At least you know by N degrees of separation, if your friend had signed someone's key, then that someone was probably OK trust-wise. Repeat for N degrees of separation on your keychain. That's "pretty good" trust with poor scalability.
We also had public key servers which would somehow link an email to a public key. I guess a key server could validate the email, so at least you know that email went with that key. And by reputation on the intertubes, you might infer a frequent committer (email) to some project seemed ok, so maybe you could trust them. Less trust with better scalability: keyservers and emails can always be pwned.
A blockchain is an immutable, global ledger. Everyone knows what old entries were added by what key signing whatever payload; they're all cemented in there for the world to read. There's no way to un-publish an old entry. So I can put my pub key on there, then sign commits in my project with it. Now, you don't have to trust any email server or any keyserver: you can look at a new commit in that project, see who signed it, and then go find my key and earlier commits on that blockchain. You still don't know if I'm evil or not, but at least you know I'm the same signer of all the other commits.
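
Added example, not part of the original post: a minimal sketch of the signer-continuity check described above, showing that rewriting an old entry breaks verification and that a reader can list everything one key signed earlier. Assumptions: an in-memory hash chain stands in for the blockchain (no consensus or network), signatures are toy textbook RSA built from small known primes, and all names (`toy_keypair`, `append`, `first_bad_entry`, `signed_by`, `ALICE`, `MALLORY`) are hypothetical.

```python
import hashlib
import json

E = 65537  # RSA public exponent

def toy_keypair(p, q):
    # Textbook RSA from two known primes: toy-sized, unpadded, illustration only.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def canonical(prev, n, payload):
    return json.dumps({"prev": prev, "n": n, "payload": payload}, sort_keys=True)

def append(ledger, key, payload):
    # Each entry commits to the previous entry's hash and is signed by the author key.
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    msg = canonical(prev, key["n"], payload)
    sig = pow(int(digest(msg), 16) % key["n"], key["d"], key["n"])
    ledger.append({"prev": prev, "n": key["n"], "payload": payload,
                   "sig": sig, "hash": digest(msg)})

def first_bad_entry(ledger):
    # Re-walk the chain: returns the index of the first entry whose link, hash or
    # signature fails, or None when the whole ledger verifies.
    prev = "0" * 64
    for i, e in enumerate(ledger):
        msg = canonical(e["prev"], e["n"], e["payload"])
        sig_ok = pow(e["sig"], E, e["n"]) == int(digest(msg), 16) % e["n"]
        if e["prev"] != prev or e["hash"] != digest(msg) or not sig_ok:
            return i
        prev = e["hash"]
    return None

def signed_by(ledger, n):
    # Continuity check: everything the same public key (modulus n) signed before.
    return [e["payload"] for e in ledger if e["n"] == n]

# Constructed sample keys built from Mersenne primes (far too small for real use).
ALICE = toy_keypair(2**61 - 1, 2**89 - 1)
MALLORY = toy_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    ledger = []
    for key, payload in [(ALICE, "commit 1"), (MALLORY, "commit x"), (ALICE, "commit 2")]:
        append(ledger, key, payload)
    print(first_bad_entry(ledger), signed_by(ledger, ALICE["n"]))
    ledger[0]["payload"] = "backdoored commit 1"   # rewrite history
    print(first_bad_entry(ledger))
```

The check proves only that the same key signed each entry; it says nothing about whether the key holder is trustworthy, which is the limit the post itself points out.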