Third party dependency verification and multiple developers - Is it broken or am i an idiot?

My Team is using Third-party dependency verification via the use of the verification-metadata.xml file. We are cloning a repo and generating the verification file via the bootstrapping method. However, different developers produce a different verification-metadata.xml file. Subsequently, when the file is committed it causes a verification failure for one developer but not for another.

I could not find record of this being a known issue and there is a very real chance i am missing something here. Any help would be appreciated!