That's an example of an attack reproducible packages do not protect from, so why are you linking it?
A distro automatically verifying that installed packages are reproducible would protect the user?