List Archive: gentoo-soc
> It seems like you might run into a lot of trouble with the security hashes
> because you're going to need the compile process to be completely
> determinate down to the last bit.
This will be the main difficulty, yes. It is certainly not impossible, though.
> I imagine this will mean the same
> version of pretty much the entire tool chain
Well, only those parts of it that are used for specific packages; fortunately,
portage does make this information available.
> the same settings on
> bzip/gzip, etc.
> Further, many packages compile in information about their
> build environment so they can tell you when they were compiled and on what
> machine.
Yes, this is a further source of difficulty, although again not necessarily
unsurmountable. Furthermore, as stated in my other reply to Phillip, it is not
strictly necessary that this system work with 100% of packages. As long as it
can work with most as a start, the more troublesome ones that do strange things
like compile random numbers into the source code can simply be added to a list
and dealt with later if possible, or even be handled by the main compile
server, thereby avoiding the need for security hashes for these particular
packages.
> If you wanted identical hashes, you would have to strip all that
> information somehow, without having to configure things differently for
> each package. It sounds like a great project if you can figure out all the
> implementation problems, so good luck.
There are several difficult implementation problems, yes, but I would venture
this is true of any project worth doing.