[Nix-dev] Sidestepping the community builds trust issue?

[Michael Raskin]

>If web-of-trust is the best solution, and the only blocker is build
>reproducability, how about trying to classify build differences?
>
>Each of the differences will have a reason, and either we can fix the build
>to be deterministic (e.g. timestamps, build paths), or we can classify a
>class of changes as equivalent (e.g. optimalizations resulting in
>equivalent code, prelinking).

Do we want to do something about Profile Guided Optimisation, for
example? I think GCC builds itself with PGO after bootstrapping, and 
I don't know what other packages use some amount of unreproducible PGO.