First of all KUDOS to Debian’s new release this month, Debian 10 (Buster).
Notable to me is the effort for reproducible binaries, which aligns with my security Source Certification Contract (SCC) goals of Are You Who You Say You Are? Trust the Source, User.
Debian’s Buster release PR accordingly:
Thanks to the Reproducible Builds project, over 91% of the source packages included in Debian 10 will build bit-for-bit identical binary packages. This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive.