Well, it has downsides, too - one needs to specify all dependencies for every package. That includes transitive dependencies, so some of these dependency lists look pretty weird. "I need video codecs to build the mouse driver?!" (not a true example, but along these lines)

But with that information, everything that goes into a package goes into the build signature. Environment variables and all.