
For sure.

This has been the status quo in Debian for a while now. You can build, and use diffoscope to audit the differences.

It's a stronger security property to have bit-for-bit reproducibility, and it looks like Debian are ready to commit to it.



You are just restating the point of the thread and not addressing the low return on investment doing this is.


Fair point.

I had figured the cost would decrease in time as deterministic builds became the norm (i.e. build tools stop including build timestamps).

I agree that it might not have positive ROI. Bit tricky for me to judge.



