Build scripts have access to the parent environment, and this may cause problem because it's not obvious which env vars are actually used by the build script, which hurts reproducible builds.

Perhaps we should use some kind of a whitelist of envvars to pass to build scripts?