Since re-writing commit histories that are been public is not only discouraged by the Git Book itself, but also disastrous for downstream (aka fork) maintainers and even can be an nightmare since they need to rebase their work first, how do co-authors can safely sign their commits or do they need to do the chaos management regarding that to ensure that it's Verified not Partially verified when someone visits their?

This question assumes that at least one of the co-authors has Vigilant Mode enabled on their GitHub accounts and has at least one GPG key added into their account.