by aejm
47 days ago
This is really good inspiration for some of my plain text accounting projects! Could you please go into more detail about your RFC3161 attestation of commits? I'm assuming you're signing your commits with a GPG key to assert that it was in fact you who made the commit. Do you use an external timestamping service and an external CA authority, or do you build your own chains of trust? If you were asked to attest your accounting commits, what would that look like to the auditor?

I use freetsa.org and OpenSSL on the git commit hash to tie that commit to a particular point in time. I also added the Bitcoin-based opentimestamps-client time stamping, but even fewer auditors would believe that it's of any value... Edit: I only timestamp after account reconciliation right now, and will do it when I close the books for a year. The files for attestation get attached to the commit with a git note, and get added to a directory for easier browsing. An LLM can write scripts for this, probably from just copying and pasting this comment as direction. I installed them as git subcommands.
Other CAs offer for-fee time stamp attestation, and I hear it may hold value in the EU, but here in the US it's only for fun, and for very small values of fun!
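
A sketch of the workflow described in the reply above, added here as an example and not the commenter's own scripts: it timestamps a commit hash with `openssl ts` against a TSA, verifies the reply, and stores the token in a git note. The function names, the `rfc3161` notes ref and the base64 note encoding are assumptions; `https://freetsa.org/tsr` is FreeTSA's public endpoint, and the two certificate files are the TSA's published certificates obtained separately.

```shell
#!/bin/sh
# Added example: RFC 3161 timestamp for a git commit, stored as a git note.
TSA_URL="${TSA_URL:-https://freetsa.org/tsr}"  # FreeTSA's public endpoint
NOTES_REF="${NOTES_REF:-rfc3161}"              # hypothetical notes ref name

# Write the textual commit hash to a temp file so openssl can digest it.
hash_file() {       # hash_file <commit-hash>  -> prints temp file path
    f=$(mktemp) && printf '%s' "$1" > "$f" && printf '%s\n' "$f"
}

# Build the TimeStampReq. Only the SHA-256 of the commit hash is sent;
# -cert asks the TSA to embed its signing certificate in the reply.
make_query() {      # make_query <commit-hash> <out.tsq>
    data=$(hash_file "$1") || return 1
    openssl ts -query -data "$data" -sha256 -cert -out "$2"
    rc=$?; rm -f "$data"; return "$rc"
}

# POST the query to the TSA (network access required).
request_token() {   # request_token <in.tsq> <out.tsr>
    curl -sS --fail -H 'Content-Type: application/timestamp-query' \
        --data-binary "@$1" -o "$2" "$TSA_URL"
}

# Verify a token from the commit hash alone, as an auditor would later.
# <ca.pem> and <tsa.crt> are the TSA's published certificates, fetched and
# checked out of band.
verify_token() {    # verify_token <commit-hash> <in.tsr> <ca.pem> <tsa.crt>
    data=$(hash_file "$1") || return 1
    openssl ts -verify -data "$data" -in "$2" -CAfile "$3" -untrusted "$4"
    rc=$?; rm -f "$data"; return "$rc"
}

# Timestamp <rev>, verify the reply, then attach it (base64) as a note.
stamp_commit() {    # stamp_commit <rev> <ca.pem> <tsa.crt>
    commit=$(git rev-parse --verify "$1^{commit}") || return 1
    work=$(mktemp -d) || return 1
    make_query "$commit" "$work/c.tsq" &&
        request_token "$work/c.tsq" "$work/c.tsr" &&
        verify_token "$commit" "$work/c.tsr" "$2" "$3" &&
        openssl base64 -in "$work/c.tsr" |
            git notes --ref="$NOTES_REF" add -f -F - "$commit"
    rc=$?; rm -rf "$work"; return "$rc"
}
```

To re-check a stored token later, decode it with `git notes --ref=rfc3161 show <commit> | openssl base64 -d -out c.tsr` and pass the file to `verify_token` together with the full commit hash.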