This is just another form of the cryptographic key distribution problem. Doesn't matter where the git repository comes from, you can be sure it hasn't been tampered with if the signatures are valid.
Domains with DNSSEC are an interesting solution. PGP public keys are distributable via DNS records.
https://www.pgp.guide/pgp_dns/
https://weberblog.net/pgp-key-distribution-via-dnssec-openpg...