How can I use RFC3161 (trusted) timestamps to prove the age of commits in my Git repository?

Question

Updated

I have posted a script I\'m using for this to the StackExchange Code Review site.

My original question for this was Is there a way I can sign a

Answer 1

All you have to do, is publish the SHA1 (the commit id) publicly. If you like, you can take that SHA1 and sign it with your X.509 certificate (using an appropriate timestamping service) and keep that around. If anybody challenges your authorship, you can easily show that you knew the contents of the repository at the particular time that generated that particular SHA1. You don't need to actually store any signature inside the code repository.