A git factoid plugin is a great idea. What exactly is the attestation that you have in mind? You provide the name of a repo plus a tag, and the VN issues a certificate of the hash?
Something along those lines. The Linux kernel maintainers do a great job tagging releases and ensuring that they are signed appropriately. Others are less careful, and it'd be useful to know that the content you saw tagged as 0.5.9 a month ago is the same as what you see today. Git allows you to check this, but only if you keep your repository around.
I can see uses extending beyond tags, where people wish to claim that code existed at a particular point in time. It's possible to fake the git metadata and push the faked commit. If your notary can say that a particular commit was public, you raise the bar from changing the system clock to inventing time travel (or hacking the notary, whichever is your cup of tea).
