Comment 9 for bug 238370

Richard Hansen (rhansen) wrote :

I agree with the security concerns.

Comparing the results of two different builds may not work. Many projects embed data about the build environment inside the compiled results (e.g., hostname of the machine it was built on, date it was built, etc.). These bits of information would be different on different machines, resulting in a high probability that two functionally identical builds are flagged as different.

Also, a malicious user who is able to control multiple build machines might be able to fool the network into thinking that a malicious build of benign source code is OK.
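The two points in the comment above, as an added example that is not part of the bug thread or of the project under discussion. It uses CPython's own bytecode compiler as a stand-in "build": in its default mode the .pyc header embeds the source file's mtime, so two compilations of identical source on machines with different timestamps hash differently, while a comparison that masks the known-volatile header bytes (or hash-based invalidation, which records a hash of the source instead of its mtime) makes them agree. The second part tallies per-machine digests against a quorum to show how an attacker controlling enough machines gets a malicious digest accepted. The function names, the sample source and the digest reports are constructed for the example.

```python
"""Added example: why byte-for-byte build comparison fails when the toolchain
embeds environment data, and how a collusion threshold decides a vote.
CPython's bytecode compiler plays the role of the "build"."""
import hashlib
import os
import py_compile
import tempfile
from collections import Counter
from pathlib import Path

# Constructed sample source; identical on every simulated machine.
SOURCE = "def answer():\n    return 42\n"

# .pyc header layout: magic(4) flags(4) then, in TIMESTAMP mode,
# source mtime(4) and source size(4). Everything after is marshalled code.
PYC_HEADER_LEN = 16


def build(source_mtime, mode=py_compile.PycInvalidationMode.TIMESTAMP):
    """Simulate one build machine. The source is the same everywhere; only
    the file's mtime (an environment detail) differs. Returns the .pyc bytes."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "mod.py"
        src.write_text(SOURCE)
        os.utime(src, (source_mtime, source_mtime))
        out = Path(d) / "mod.pyc"
        # dfile pins the recorded filename; without it the per-machine temp
        # directory would be embedded in the code object and differ as well.
        py_compile.compile(str(src), cfile=str(out), dfile="mod.py",
                           invalidation_mode=mode, doraise=True)
        return out.read_bytes()


def digest(data):
    return hashlib.sha256(data).hexdigest()


def naive_match(a, b):
    """Byte-for-byte comparison of two build outputs."""
    return digest(a) == digest(b)


def masked_match(a, b):
    """Compare after dropping the header fields that carry environment data.
    Only sound when you know exactly which bytes are volatile for this format."""
    return digest(a[PYC_HEADER_LEN:]) == digest(b[PYC_HEADER_LEN:])


def accept_build(reports, quorum):
    """Tally the digest each machine reports (machine -> digest) and accept
    the one that at least `quorum` machines agree on; None if nothing does."""
    if not reports:
        return None
    top, n = Counter(reports.values()).most_common(1)[0]
    return top if n >= quorum else None


def demo():
    # Two machines, same source, different source timestamps.
    a = build(1_600_000_000)
    b = build(1_700_000_000)
    results = {
        "timestamp_mode_naive": naive_match(a, b),    # False: mtime embedded
        "timestamp_mode_masked": masked_match(a, b),  # True: bodies identical
    }
    # CHECKED_HASH stores a hash of the source instead of its mtime, so the
    # output no longer depends on the machine's clock or filesystem.
    h = py_compile.PycInvalidationMode.CHECKED_HASH
    results["hash_mode_naive"] = naive_match(build(1_600_000_000, h),
                                             build(1_700_000_000, h))
    # Vote over 5 machines: the attacker controls 3 and reports a malicious
    # digest, which reaches a simple-majority quorum and is accepted.
    honest, evil = digest(a), digest(b"malicious build")  # constructed digests
    reports = {"m1": honest, "m2": honest, "m3": evil, "m4": evil, "m5": evil}
    results["majority_vote_accepts"] = accept_build(reports, quorum=3)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The masked comparison only works because the .pyc format documents which header bytes are volatile; for arbitrary compiled artifacts (embedded hostnames, build dates, absolute paths) there is no such fixed offset, which is the comment's point. The vote shows that raising the quorum only moves the threshold: a network that accepts a digest once q machines agree is defeated by an attacker who controls q machines.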