What the bounty proposes is a really complex project, which justifies the now 10 BTC reward.

The primary problem is storage of the Git repos. There are a few options, two of which are promising: GitTorrent and sending Git data over Nostr (but not storing anythign on Nostr).

The secondary problem is determining authenticity. I will have to do some more thinking about this, but I suspect that something like what Linux distributions do might be relevant.