As the maintainer of Rust in openSUSE I am often asked to support build reproducibility in our supply chain. I've spent countless hours researching the problem, and discussing it with security experts to understand details. Thanks to the XZ incident this topic has once again come up, since after any security incident people always use the attention to further their own agendas. As a result, I'd like to write my very not scientific thoughts about reproducible builds.

Before We Begin

Let's perf...