A workflow where the repository gets updated only from repositories whose heads got signed by at least a certain percentage or a certain number of trusted committers.
Mercurial, two hooks for checking and three special files in the repo.
The hooks do all the work - apart from them, the repo is just a normal Mercurial repository. After cloning it, you only need to setup the hooks to activate the workflow.
Hooks: prechangegroup and pretxnchangegroup
Files: .hgtrustedkeys , .hgbackuprepos , .hgtrustminimum
prechangegroup: Copy the local versions of the files for access in the pretxnchangegroup hook (might be unnecessary by letting the pretxnchangegroup hook use the rollback-info).
.hgtrustedkeys contains a list of public GnuPG keys.
.hgbackuprepos contains a list of (pull) links to backup repositories.
.hgtrustminimum contains the percentage or number of keys from which a signature is needed for a head to be accepted.
With this workflow you can even do automatic updates from the repository. It should be ideal for release repositories of distributed projects.
If you want to work on the project, a very worthwhile goal might be implementing it in infocalypse: anonymous code collaboration via Freenet and Mercurial, built to survive the informational apocalypse (and any kind of censorship).
The European Copyright directive threatens online communication in Europe.
If you care about the future of the Internet in the EU, please Call your MEPs.