But a hash provides proof to the actual uploader of subsequent tampering. As you cannot modify the hash without the originator being aware, I think it is enough.