This is an interesting idea. Cross checking on multiple build mashines with private signed email (containg the checksums of source and binary, stripped away from machine specific data) send to the signatories - this all makes it alot difficult for someone to crack.