Kernel relinking needs to happen on the user's system anyway because the prebuilt builds are not unknown (they are public for anybody to download). It's like ASLR at runtime vs ASLR at build time.

Since these binaries are known anyway they might as well use a seed to allow verification of the published binaries with reproducible builds, then relink them into an unknown binary on the user's system after install (for example during boot as described in the 2nd post).