What about the ability to require signed commits so the source history can be cryptographically verified?