"Exact binaries" is not the point of having the source code.
Uh, you must not have worked in a shop that does continuous integration automated builds? Do you really think QA should be handed binaries that you compile and have them trust them?
The problem is that GCC will always give you a different binary every time you compile from the same source. This makes it impossible that the binary you received comes from the source you claim to have used. You can get around this by never receiving binaries from anywhere but the automated build machine but it would still be useful to be able to test that a build that you received was built from the code you expect.
There were several reasons why Apple moved away from the GCC tool chain to LLVM and Clang but one of the abilities of the LLVM stack is that you can actually get identical binaries from the same source compiled on different machines at different times.
You confused my post and gotten it EXACTLY BACKWARDS. But thanks for playing....
The point that I was making is that source code does not always build "exact binaries". Now if someone is giving you both a binary and the source code and claiming that the source produced the binary, there is really no way to prove that one way or another. But at least you know that you can build a binary from the source code and know what is in THAT binary.