Instead of a hash sum you could use a crypto signature. Makes it even more useful: if someone legitimately alters the file, you could verify who it was. While you're at it, make it a zipped git repository and you have edit history for free
not sure, but maybe hashing the media files to be zipped and including that hashlist in the hashed lmd would prevent that? or at least allow for a verification that they werent altered
