I posted a new topic on the Dfinity forum, "A Vision for Software Building and Distribution Based on the Internet Computer".
My point is that even if we perfectly standardize reproducible builds, the problems still exist:
Not many people attempt reproduction or code verification.
For example, in the past, we’ve seen numerous NNS proposals related to infrastructure upgrades where most lacked this kind of verification. Most people had no idea who performed the verification or what the results were, leaving them to vote blindly.
Even for the most critical IC infrastructure, this is already the case—let alone for other dApps, where the situation is even worse.