Just like blocks maybe? Your peers determine which code (commits) are the trusted ones and then you build the source code based off that commonly agreed upon commit sha.
It's not relying on concrete rules, seems tricky to make it work