This is also a thing.
Pretty cool they print the hash in the New York times to verify. They will sign your document temporally and the time of signature can be verified against the hash ran in the nyt. Been doing that since 1995. Lulz.
Plus you can something something “block chain” your solution.
Hi Wendell!
I am honoured 
That’s an interesting article.
I am kind of sad that Blockchain became so mainstream. It makes it hard to discuss it siriously. On one hand it’s an interesting nerd topic that is now “mainstream suitable”, on the other you get reactions like “Oh, you are mining crypto currency”. “N…No -sigh- that’s not what …” I would love for there to be an alternative that just is not that power hungry. There are some interesting concepts in the works.
Write the file onto a CD-R, mark CD-R with a timestamp, put it into a bank’s holding cell or notary’s custody. Use another WORM device if you want to get fancy.
checksums?
Or back it up to a read only medium (rom)?
hmmm, … interesting
What kind of read only memory are you thinking about? I guess when you assume that it can not be physically changed (from a software persective) that would be a possibility.
I am trying to find something that makes the least amount of assumptions on trust.
You could for example write to a write once cd. If you need some extra assurance put it in a envelope with a tamper seal then have it placed in a safe deposit box. As you need to also ensure the time of the hash not necessarily just the hash for example.
Something to note… If you do upload it to GitHub, make the repo private. This will prevent a DCMA takedown of any kind. In which case, I’d probably recommend GitLab as it is free to make private repos.
exactly
Can you elaborate on this? Why is DCMA relevant for this usecase?
However, when I am using only hashes that obviously would not be a problem.
Doesn’t matter. When $BigCompany sends a DMCA, the first knee-jerk from GitHub is to take it down. Remember, they are owned by Microsoft now. The burden of responsibility for making their case falls upon the maintainer of the repo. If you care about project longevity, then you would want to consider this.
thanks, I’ll keep that in mind