Bluntly, I don't think it would help with security. The attacker would just have to disable or adjust the distcheck target to seemingly pass.
Yeah, it should be noted that the way the backdoor got into the code was by the _co-maintainer_ -- distcheck or not, would not have mattered, automake or not, would not have mattered. The individual could have sneaked in code changes into the release tar-ball just as well -- Github presented two sets of files one could download (direct from git, and "release"). The deviousness of this backdoor should not be understated, it was a long game of over two years in work and technological improvments will simply not mitigate it. Relying on something in a code repository to tell whether the repository is secure is akin to tying a dog with sausage. For security proper, the verification code needs to be held elsewhere, not compromisable along with the thing it's supposed to verify. Analogously, you don't run a rootkit checker on the system that's potentially compromised, because the rootkit may hide itself; you boot off secure media and then use the tools in it to look for the rootkit in the potentially-compromised system, *without* handing control over to it.
