What guarantees do signatures by binary caches give?

Why I am worried about this exact scenario is that I have had multiple occasions where the Deriver field does not match what I have locally whilst evaluating a package. That is, Nix is substituting a path for my derivation but cache.nixos.org has a different derivation in the Deriver field.

We can debug what happens if we upload derivations to the cache and sign over the Deriver field as well.

But we do neither.

The fact that I am detecting these issues actively and have no way to figure out what cache.nixos.org actually built is frustrating and kind of worrying too.

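As an added illustration of the question in the post (this is not the poster's code nor anything from the Nix project), the Python below reconstructs the string a binary cache actually signs. Nix signs a "fingerprint" made of StorePath, NarHash, NarSize and References; Deriver, URL, FileHash and Compression are outside it, which is why a mismatching Deriver can sit next to a perfectly valid Sig line. The .narinfo here is constructed with placeholder hashes, the Sig value is a dummy, and no Ed25519 verification is performed (that needs the cache's public key and a crypto library); the helper names are my own.

```python
"""Added example: which .narinfo fields a Nix binary-cache signature covers.

Nix signs ValidPathInfo::fingerprint(), i.e.
    "1;<StorePath>;<NarHash>;<NarSize>;<ref1>,<ref2>,..."
with references as full, sorted store paths. Everything else in the .narinfo,
including Deriver, is unsigned metadata. The sample below is constructed for
illustration; the hashes and the Sig value are placeholders, not real data.
"""
from __future__ import annotations

STORE_DIR = "/nix/store"
SIGNED_FIELDS = ("StorePath", "NarHash", "NarSize", "References")

# Placeholder 32-character store-path hashes and a 52-character NAR hash.
HASH_A, HASH_B, HASH_C, HASH_D = "a" * 32, "b" * 32, "c" * 32, "d" * 32
NAR_HASH = "sha256:" + "z" * 52

# Constructed sample .narinfo (not a real cache.nixos.org response).
SAMPLE_NARINFO = f"""\
StorePath: {STORE_DIR}/{HASH_A}-hello-2.12.1
URL: nar/{HASH_A}.nar.xz
Compression: xz
FileHash: sha256:{'y' * 52}
FileSize: 50000
NarHash: {NAR_HASH}
NarSize: 226560
References: {HASH_A}-hello-2.12.1 {HASH_B}-glibc-2.38
Deriver: {HASH_C}-hello-2.12.1.drv
Sig: cache.nixos.org-1:c2lnbmF0dXJlLXBsYWNlaG9sZGVy
"""


def parse_narinfo(text: str) -> dict:
    """Parse the 'Key: value' lines of a .narinfo. Sig may repeat, so it is a list."""
    info: dict = {"Sig": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            raise ValueError(f"malformed narinfo line: {line!r}")
        if key == "Sig":
            info["Sig"].append(value)
        else:
            info[key] = value
    return info


def fingerprint(info: dict) -> str:
    """Rebuild the exact string Nix signs for this path.

    Only StorePath, NarHash, NarSize and References go in. References are
    expanded to full store paths and sorted, matching Nix's ordered set.
    """
    refs = sorted(f"{STORE_DIR}/{r}" for r in info.get("References", "").split())
    return ";".join(["1", info["StorePath"], info["NarHash"], info["NarSize"], ",".join(refs)])


def cache_deriver(info: dict) -> str | None:
    """Full path of the Deriver the cache claims, or None if it does not say."""
    drv = info.get("Deriver")
    if not drv or drv == "unknown-deriver":  # older caches write this literal
        return None
    return f"{STORE_DIR}/{drv}"


def deriver_matches(info: dict, local_deriver: str) -> bool:
    """Compare the cache's Deriver with the .drv you evaluated locally,
    e.g. the output of `nix-store --query --deriver <store path>`."""
    return cache_deriver(info) == local_deriver


def deriver_is_signed(info: dict) -> bool:
    """True only if changing Deriver would change the signed fingerprint."""
    tampered = dict(info, Deriver=f"{HASH_D}-something-else.drv")
    return fingerprint(tampered) != fingerprint(info)


if __name__ == "__main__":
    info = parse_narinfo(SAMPLE_NARINFO)
    print("signed fingerprint:", fingerprint(info))
    print("Deriver covered by signature:", deriver_is_signed(info))
    local = f"{STORE_DIR}/{HASH_D}-hello-2.12.1.drv"  # pretend local evaluation
    print("Deriver matches local .drv:", deriver_matches(info, local))
```

Running it shows the fingerprint contains no `.drv` at all, `deriver_is_signed` is False, and a local .drv that differs from the cache's Deriver is reported as a mismatch even though the Sig line (were it real) would still verify. To check a real path, fetch `https://cache.nixos.org/<hash>.narinfo` and feed it to `parse_narinfo`.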