If the tarballs can be reproducibly created on the GitHub repository, I imagine it would go a long way to say that the "official" distribution is the one that has been signed.