I don't see how reproducible builds will fix this but expect I am missing something. My understanding is that to create a reproducible build you are already telling the person wanting to make one all the things that are required: compiler, environment variables, clock settings, etc. So if the crap is in there, then the reproducible build documentation is going to say 'you need this compiler' which is just going to replicate down the problem.
If I change out the compiler, the settings, etc., then I am not going to be able to reproduce the build. If the problem is already in the build chain, then I am not going to find it, just keep it going à la the Thompson attack.
So I expect I am missing something obvious.