by hashworks 2064 days ago
While others could have a backup of a Git repository, I need to find them first — so discoverability is a problem. Next thing is integrity - how do I know that the git history I receive has not been tampered with?

Do signed commits solve the integrity problem?
Yes. Git commits include the hash of the previous commit, creating a cryptographic chain. If you can verify the signature at the tip of a branch you effectively verify the complete history of the branch.

Sadly not every maintainer signs their commits or tags.
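
An added example, not part of the thread: the chaining described in the reply above, using Git's object id rule (SHA-1 over "<type> <size>\0" plus the body). The identity, dates, messages and file contents are constructed, and a blob id stands in for the tree id to keep the model short.

```python
import hashlib
from typing import List, Optional

def git_object_id(obj_type: str, body: bytes) -> str:
    """Git object id: SHA-1 over '<type> <size>\\0' followed by the body."""
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def commit_body(tree: str, parent: Optional[str], message: str) -> bytes:
    """Serialize a commit object as Git does (identity and dates constructed)."""
    ident = "Example Dev <dev@example.invalid> 1500000000 +0000"
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")  # this line is what links the chain
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return ("\n".join(lines) + "\n").encode()

def build_history(file_versions: List[bytes]) -> List[str]:
    """Return commit ids, oldest first; each commit embeds its parent's id."""
    ids: List[str] = []
    parent = None
    for n, content in enumerate(file_versions, 1):
        # Simplification: a real tree object lists blobs; here the blob id
        # stands in for the tree id.
        tree = git_object_id("blob", content)
        parent = git_object_id("commit", commit_body(tree, parent, f"commit {n}"))
        ids.append(parent)
    return ids

def first_divergence(trusted: List[str], received: List[str]) -> Optional[int]:
    """Index of the first commit whose id differs, or None if identical."""
    for i, (a, b) in enumerate(zip(trusted, received)):
        if a != b:
            return i
    return None if len(trusted) == len(received) else min(len(trusted), len(received))

if __name__ == "__main__":
    good = build_history([b"v1\n", b"v2\n", b"v3\n"])
    bad = build_history([b"v1 altered\n", b"v2\n", b"v3\n"])  # oldest commit changed
    for g, b in zip(good, bad):
        print(g[:12], b[:12], "same" if g == b else "DIFFERENT")
    print("first divergence at index", first_divergence(good, bad))
```

Changing the oldest commit changes every id after it, so a tip id that matches a verified signature rules out edits anywhere earlier in that branch.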