One possible way to "timestamp" your entire code tree might be to zip it up, cryptographically hash the result, and then print out the hash and physically sign it with a notary.
I have no idea how legally useful this might be. I'm sure it would be legally difficult to explain. :-)
I've wondered before about whether posting an MD5 hash of a snapshot to usenet or a bunch of free mail services (Gmail/Yahoo/Hotmail) might serve as a "beyond reasonable doubt" method of proving you had a specific bunch of files on a particular date. It _should_ be possible to argue that the likelihood of me being able to subvert Google's and Yahoo's and Microsoft's mail servers all at the same time is effectively none, and subverting every usenet server in the world even smaller.
I know where I come from (NSW Australia) there's already established legal recognition of MD5 hashes, they use them to verify authenticity of traffic enforcement camera data.
One possible way to "timestamp" your entire code tree might be to zip it up, cryptographically hash the result, and then print out the hash and physically sign it with a notary.
I have no idea how legally useful this might be. I'm sure it would be legally difficult to explain. :-)