Since we seem to agree the “A” part can be solved (by adding an optional hash (or better, signing key) field to open formats), one thing that neither this nor MQA solves is “trust”.
I say this as someone who wholeheartedly thinks displaying the signatures is well worth the effort you’re putting into it, and is a great idea, but how do I trust a label who “authentified” a file as coming from the artist, when it in reality went through a batch processor, when the purveyor of said authentification has proven deeply disingenuous and lacking in transparency (see the whole “the format is lossless” arguments) ?
In other terms, how do you trust not one, but two untrusted providers ?
I though Roon only checked for container format…