Divested-WRT: No-nonsense hardened builds for Linksys WRT series

When I dug deeper into this, I started to suspect that when we follow the "build it yourself" procedure, it's not really an exactly reproducible build of the images that are being released/listed on the DivestedWRT page; building it ourselves, we'd get whatever was master at the time we're building it instead.

Now that I've looked into it more and learned we can take the extra step of:

  • getting the commit-hashes of the openwrt source-tree from the version.buildinfo, and
  • the commit-hashes from the feeds.buildinfo
  • and can use 'make defconfig' after using config.buildinfo as the .config file

src: per this post. Though these extra steps weren't mentioned on your page, maybe you could mention them, with an eye towards automating / reproducing an identical image you have released?

But my main concern really is that there are also occasionally other important changes that aren't captured in an automation-friendly way:

One example is the tweak listed in the changelog entry of early May-2023, where you're downgrading the mwlwifi driver; however, I don't see anything in that specific release's build dir to show this was done :frowning: (nor did I see the downgrade in the patches dir at the time).

Basically, my goal with this post is to learn how to have a way to automate re-building an exact version of what you have released. And while I later realized you manually posted that change's step here, I'm not sure how that would help with automation, as there's no patch file.

tl;dr - can we be assured that any changes made for a release will always have a corresponding patch file, or would that not always be the case? If it isn't, where does the info end up in your git repo, for automation's sake please?

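The pinning steps listed in the post, as an added shell example that is not part of the original post or the project's own tooling: it reads a release's three buildinfo files and prints the rebuild commands, refusing any feed that is not pinned to a commit. The buildinfo line formats, the use of feeds.buildinfo as feeds.conf, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Assumed formats (not stated in the post):
#   version.buildinfo : r<revision count>-<short commit>
#   feeds.buildinfo   : src-git <name> <url>^<commit>, one feed per line

# Constructed sample of a release's buildinfo files; all hashes are made up.
write_sample() {
    printf 'r12345-0123abcdef\n' > "$1/version.buildinfo"
    printf '%s\n' \
        'src-git packages https://example.invalid/feed/packages.git^1111111111111111111111111111111111111111' \
        'src-git luci https://example.invalid/project/luci.git^2222222222222222222222222222222222222222' \
        > "$1/feeds.buildinfo"
    printf 'CONFIG_TARGET_mvebu=y\n' > "$1/config.buildinfo"
}

# Print the source-tree commit recorded in version.buildinfo.
version_commit() {
    sed -n 's/^r[0-9][0-9]*-\([0-9a-f]\{7,40\}\)$/\1/p' "$1" | head -n 1
}

# Print feed lines that are NOT pinned to a commit (bare URL or ;branch).
unpinned_feeds() {
    grep -E '^src-' "$1" | grep -Ev '\^[0-9a-f]{7,40}$' || true
}

# Emit the rebuild commands for the buildinfo files in directory $1.
# Fails instead of emitting a plan if any input would float with master.
rebuild_plan() {
    dir=$1
    commit=$(version_commit "$dir/version.buildinfo")
    [ -n "$commit" ] || { echo "no commit in version.buildinfo" >&2; return 1; }
    loose=$(unpinned_feeds "$dir/feeds.buildinfo")
    [ -z "$loose" ] || { echo "unpinned feed: $loose" >&2; return 1; }
    cat <<EOF
git checkout --detach $commit
cp "$dir/feeds.buildinfo" feeds.conf
./scripts/feeds update -a
./scripts/feeds install -a
cp "$dir/config.buildinfo" .config
make defconfig
EOF
}
```

A plan like this pins only what the buildinfo files record; a change applied by hand outside the tree, such as the driver downgrade mentioned in the post, is not covered by it.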