That provoked an interesting line of thought regarding reproducible builds. Now this may not be fully supported in Pale Moon as it was only completed in Firefox in the last couple of years, but even though it may not be possible to get a byte identical build on different platforms, you could probably recreate the build env so it would be close enough to easily audit with the right tools and know-how, to ensure the binary contained what it was supposed to. But Feodor's non-compliance created a situation where this was difficult. And why would someone smart enough to create a fork of something as complex as a browser not be able to add git tags to mark build releases, and persist in doing this, and not answer direct questions?(with potentially disastrous consequences in terms of security, etc.)
Even if Feodor was not adding hidden malware to the released binaries, it created a situation which a hacker or hostile state / group could take advantage of to do exactly that. So this lack of transparency was not merely some minor technical detail but a genuine security concern for anyone using these binaries.
As a non-XP user, actually even I have an old computer with XP just in case it's useful to access floppy drives, but have never used it online, do feel free to carry on this lively discussion amongst yourselves...