If clients or users want to verify that the file has not been tampered with then they could easily fetch the events themselves and check that the hash matches what was sent from the server