Epic work!
Do you see this kind of work on binary reproducibility enabling better behaviour (i.e. less cache misses and spurious rebuilds) for Nix’s upcoming content-addressed derivations feature?
I’m particularly excited to see whether this kind of work will enable trusted distributed caches in an easier manner as the current UX around custom caches is a bit of a PITA. Cool to see you mention trustix on this note!