The git time stamp is provided by the committer and not a third party. As such the Git timestamp amounts to a claim by you, that you committed it at that point. TimeCert simply provides extra backup to that claim.
TimeCert is definitely not a certified notary here (I never paid the $20 application fee nor took a test).
However it is a third party. Whether you choose to trust TimeCert or GitHub is completely up to you.
However in a dispute the evidence is provided by both TimeCert and Github is still third party and it isn't possible for you or a disputing party to tamper with the evidence provided. This evidence could be used in court the same way ISP logs are used.
It would absolutely still be possible for me to modify database records, just like it would be for your isp to modify mail logs etc. While a very good question, my reply would be what could I possibly gain from doing that? This still doesn't remove the question of course and that question is really the last hurdle.
There are various ways of solving it but it would require some one else running a similar site. it could be solved by adding a couple of other similar services in the mix sharing digest feeds that we each time stamp.
In the end it is all about who you decide to trust.
The git time stamp is provided by the committer and not a third party. As such the Git timestamp amounts to a claim by you, that you committed it at that point. TimeCert simply provides extra backup to that claim.
TimeCert is definitely not a certified notary here (I never paid the $20 application fee nor took a test).
However it is a third party. Whether you choose to trust TimeCert or GitHub is completely up to you.
However in a dispute the evidence is provided by both TimeCert and Github is still third party and it isn't possible for you or a disputing party to tamper with the evidence provided. This evidence could be used in court the same way ISP logs are used.
TimeCert attempts to be trustworthy. The source is on http://github.com/pelle/TimeCert and the new audit page http://timecert.org/audit shows exactly what code is released.
It would absolutely still be possible for me to modify database records, just like it would be for your isp to modify mail logs etc. While a very good question, my reply would be what could I possibly gain from doing that? This still doesn't remove the question of course and that question is really the last hurdle.
There are various ways of solving it but it would require some one else running a similar site. it could be solved by adding a couple of other similar services in the mix sharing digest feeds that we each time stamp.
In the end it is all about who you decide to trust.