Then what happens when your comparison fails. There's no consensus mechanism. But then can't everyone just start using a fork from the last time you all agreed (ignoring that coming to a consensus on where to fork would pretty much be impossible)? Well since github is hosting that git repo, and they're the malicious actor, they just alter that as well. You could take them to court, but this would take a huge amount of time. Effectively if you have a central authority you gain nothing from a public ledger because you have to trust them in the first place. Maybe it makes it quicker to find out that fraud has been committed, but the individual(s) who suffered from it will probably be suing anyhow.