by acdha
641 days ago
This doesn’t work because the hashes are controlled by the same party you don’t trust. If you want this, you need to pay for trusted third parties to audit the factory and random samples - otherwise it’s basically like all of the blockchain startups trying to reinvent supply chains only to learn that a chain of hashes showing package A was delivered to warehouse B doesn’t help if you don’t actually know what was in the box, who picked it up, or what happened to it in transit. I guarantee that the Mossad would have had valid hashes on every battery. This isn’t even very effective for software: people have been working on commit signing, reproducible builds, etc. for ages but it’s just a cascade of trust problems where striking the balance between workable and effective can be extremely challenging. Something like xz or SolarWinds would have had valid signatures on everything, and you still wouldn’t know the real identity of the person responsible for the duplicitous code.