The author explores the reproducibility of official binary packages in Debian and Ubuntu, noting that rebuilds often do not match the official releases. They introduce debdistrebuild, which rebuilds top packages from different distributions to test reproducibility. The results show varying levels of success in achieving identical rebuilds due to differences in build environments, build paths, and version numbers. The author discusses the importance of using the same build dependencies as the original build to increase reproducibility. They propose the idea of idempotent rebuilds to reach 100% reproducibility, acknowledging challenges in rebuilding older versions. They emphasize the need for measuring idempotent rebuild status and suggest a potential solution involving modified earlier packages to achieve higher reproducibility levels.
https://blog.josefsson.org/2024/07/10/towards-idempotent-rebuilds/