I would like to create a git repository where it can be proven that every commit (plus the entire previous history) existed at a certain point in time, and I'd like this proof to be contained inside the commits by using a RFC 3161 TSA timestamping service (like these for example https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710).
I found this gwern.net/Timestamping article, where a post-commit hook is used to run a script to timestamp the commit hash. However, if I understand the suggestion correctly, then the RFC 3161 tokens have to be kept separately, while I would like them to be part of the repositories itself.
One thing I could think of would be to always create a second commit that contains no files and just the RFC 3161 timestamp token of the previous commit's hash as its commit message, so it would be always something like
[data commit] - [timestamp token commit] - [data commit] - [timestamp token commit] ...
But then I would need my git repository on the server to only accept a push that follows this structure (and it would need to verify the timestamp tokens before accepting the push).
How could I do this? Or is there a simpler (or maybe even standardized) way of achieving that?
