Yes, making sure build timestamps are reproducible isn't a security win.

What is a win is that two independent parties can run the same build, and get the same binaries.

This is important because it removes trust from builders: anyone can verify their output.

It just so happens that unimportant things like build versions impede that.

reply
It allows verifying that the binaries actually match the source, which is extremely valuable.
reply
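An added example, not part of either comment above: it shows how an embedded build timestamp alone stops two independent builders from producing identical artifacts, and how pinning it lets anyone check a binary against its source by digest. The source tree, builder names, clock values and the `build` and `independent_builds_match` functions are constructed for illustration; a tar.gz archive stands in for the compiled binary.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample inputs: a tiny "source tree" and a pinned timestamp
# (the SOURCE_DATE_EPOCH convention: every builder uses the same value).
SOURCE = {"main.c": b"int main(void) { return 0; }\n", "VERSION": b"1.0\n"}
SOURCE_DATE_EPOCH = 1700000000


def build(source, wall_clock, builder, reproducible):
    """Pack `source` into a tar.gz artifact and return its SHA-256 digest."""
    stamp = SOURCE_DATE_EPOCH if reproducible else wall_clock
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(source):  # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(source[name])
            info.mtime = stamp
            # A naive build records who built it; a reproducible one does not.
            info.uname = "" if reproducible else builder
            tar.addfile(info, io.BytesIO(source[name]))
    out = io.BytesIO()
    # gzip also embeds an mtime in its header, so it must be pinned too.
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=stamp) as gz:
        gz.write(raw.getvalue())
    return hashlib.sha256(out.getvalue()).hexdigest()


def independent_builds_match(source_a, source_b, reproducible):
    """Two parties build at different times on different machines."""
    a = build(source_a, wall_clock=1711111111, builder="alice", reproducible=reproducible)
    b = build(source_b, wall_clock=1722222222, builder="bob", reproducible=reproducible)
    return a == b


if __name__ == "__main__":
    tampered = dict(SOURCE, **{"main.c": b"int main(void) { return 1; }\n"})
    print("naive builds match:       ", independent_builds_match(SOURCE, SOURCE, False))
    print("reproducible builds match:", independent_builds_match(SOURCE, SOURCE, True))
    print("tampered source detected: ", not independent_builds_match(SOURCE, tampered, True))
```

With the naive build, a digest mismatch says nothing, because honest builds differ too; once the timestamp and builder name are pinned, any mismatch points to a difference in the inputs.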