Synopsis: Git is the best we have right now for a “History-retaining Merkle tree” (when force-push is turned off), and stands to be utilized more outside of software development - in business at least.

A £200m “Garden Bridge” project was canceled when it had accrued £50m in costs and before construction started. It is difficult to pick it apart. See this Tortoise Media article and Reddit discussion.

It is not clear whether governments or corporate shareholders would be first to require “minutes” and proceedings to be better stored for posterity (and audit), but both will in time. I’m 100% sure that such general-purpose archiving systems will be based on Merkle trees, but don’t think we need to say “blockchain” at this moment. Git (or something like it that succeeds it) is perfectly good enough. Obligations of organizations, companies, and government projects would have certain categories of activity held under Git control. The obligation of the “data officer” would be to share hashes (SHA1 for Git, noted) with external entities.

External entities could be news organizations, who would hold a list of hashes that had been shared with them at certain dates, or government orgs that have a right to investigate later. The news org can’t do much with its list of hashes other than cry “foul” at some point in the future, specifically by claiming that history was tampered with in some way. The government would use its list for inquest or criminal investigation purposes, with news orgs nudging it into that action maybe.

The government could ask independent auditors to visit orgs/companies that purport to maintain minutes, meetings, decisions, and financial summaries in Git and merely confirm that a certain hash is represented in Git at a certain claimed date/time. The auditor would use their own software (and perhaps hardware) to traverse the entire span of history, verifying the correctness of the Merkle tree as represented in Git (or better, as mentioned). The auditor would then provably scrub their hardware, dropping the Git “clone”, and leave with the simple assertion: “the org does indeed have that hash at that time in their official record”. Presumably it is Ernst & Young, Deloitte & Touche, KPMG and PwC that offer these services, along with others that are less global. And if a news org like The Guardian or Fox News wanted to, they could invoke the same services (for a fee) toward the same outcome: “does/doesn’t have that hash at that claimed time”.
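The auditor's traversal described above, as an added example that is not part of the original post: it re-hashes every object reachable from the official head the way Git names objects, then reports whether the previously shared hash is in that history. The in-memory `store`, the helper names and the sample minutes are constructed for illustration; the claimed date comes from the external party's own record of when it received the hash, not from the commit timestamps.

```python
import hashlib

def git_oid(kind, body):
    # Git names an object by SHA-1 over "<type> <size>\0" followed by its content.
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def put(store, kind, body):
    oid = git_oid(kind, body)
    store[oid] = (kind, body)
    return oid

def snapshot(store, parent, name, text):
    # Constructed minimal commit: one file, one tree, optional parent commit.
    blob = put(store, "blob", text)
    tree = put(store, "tree", b"100644 " + name + b"\0" + bytes.fromhex(blob))
    head = f"tree {tree}\n" + (f"parent {parent}\n" if parent else "")
    who = "Data Officer <officer@example.org> 1563667200 +0000"  # constructed identity
    body = f"{head}author {who}\ncommitter {who}\n\nminutes\n".encode()
    return put(store, "commit", body)

def children(kind, body):
    # Object ids that this object commits to (tree and parents, or tree entries).
    if kind == "commit":
        header = body.split(b"\n\n", 1)[0].decode().splitlines()
        return [l.split()[1] for l in header if l.startswith(("tree ", "parent "))]
    out = []
    while kind == "tree" and body:
        nul = body.index(b"\0")                  # entry is "<mode> <name>\0<20-byte id>"
        out.append(body[nul + 1:nul + 21].hex())
        body = body[nul + 21:]
    return out

def audit(store, head, attested):
    # True only if every reachable object matches its name and attested is reachable.
    seen, todo = set(), [head]
    while todo:
        oid = todo.pop()
        if oid in seen:
            continue
        if oid not in store or git_oid(*store[oid]) != oid:
            return False                         # missing or altered object
        seen.add(oid)
        todo += children(*store[oid])
    return attested in seen
```

Editing an old file in place fails the re-hash, and rebuilding history around the edit produces different commit hashes, so the shared hash is no longer reachable.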

Companies and organizations are required to hold board minutes. I’m thinking it is better to hold these in Git, going forward. The missing plans for the Garden Bridge? They should have been in the same Git repo, as they are significant enough. Obligations for a data officer would also include having an adequate backup for the Git repository. Multiple thumb drives in multiple safes would be sufficient - there’s no need for this to be online or “in public” like blockchains in any way - except for the hashes themselves.

Of course, we’re lacking the end-user friendly tools for Git as a file-store right now. There is that is a nice multi-platform file-share/sync front end for Git. It is on GitHub too, but there are 89 open issues and 4 unprocessed pull requests, so the project needs help I guess. I made something for Subversion that only I use, which has advantages and disadvantages versus Git as a backing store. I think more work is needed in this field. Facebook releases Mononoke soon enough (for Mercurial) with uncertain advantages, and commercial players like PlasticSCM have fantastically scalable software that’d be a great backing store for the same sort of thing.


July 21st, 2019