signing a SHA1 doesnt increase confidence in SHA1 in any way. it's still a SHA1.
you missed the "resources" aspect. high compression means significantly higher cpu/mem usage which makes scaling up much harder. plus, our mirrors now have to run a git daemon to do mirroring ? it just doesnt work out.
as a developer, you can mirror the VCS tree yourself.