I don't think this is what it is all about
"The feat will allow anyone to independently confirm that Debian binaries were built from a reported source package."
Back in about 1983 I managed a small group tasked, amongst other things, with distributing software to hospitals. Part of the QA process I introduced involved taking a release of the source code and a copy of the software used for acceptance testing. The next step was to rebuild the software from the supplied source and compare the results with the acceptance test versions. This was VAX/VMS and the undocumented CHECKSUM command was used for this comparison (CHECKSUM/IMAGE for the curious, it took out timestamps). If the two did not match it was all sent back to the developers with a 'please explain'.
Roll forward 10 years after a period of developing security software for VAX/VMS (see NIST SP 800-6) and I found myself doing something similar but more focused on determining whether the software had been built from code in the source code repository, effectively whether it was built from the approved package. This required a more detailed analysis of the information stored in the executable images and has some similarities to the initiative reported here.
So, I've done some of this stuff and have some idea of where it can come apart.
(1) Change your tool chain (even a different version of the same tool chain) or architecture and it will all probably break. The Alpha VMS compiler/linker tools did not dump the same sort of information into the binaries and it largely invalidated the VAX/VMS tools I had developed.
(2) Different build options, even when using the same tool chain and target architecture, will result in functionally equivalent but very different binaries.
(3) Anything you find embedded in an image can obviously be manipulated, so even if the same architecture and tool chain and options are used, the contextual information must not be trusted without additional verification.
For all of the above I think this is not the 'feat' you are looking for.
Given some binaries and a source code package, proving the link between the source code and the binaries is non-trivial (again I have some form here, having been tasked with reverse engineering the source code library that represented the executables currently in production...).
What they are testing is the statement "It should be possible to reproduce, byte for byte, every build of every package in Debian."; this is from the WIKI reference a couple of clicks on from the referenced "report note".
This has very little to do with the claim in this piece. If you have the same source code, and the same tool chain executed with the same options, you should be able to prove that you have achieved the same results.
Nothing like the headline statement.