Non-free reproducible building
Reproducible builds can benefit proprietary software/firmware, too. You will recall the Volkswagen emissions scandal of 2015, in which diesel vehicles were fitted with ‘defeat devices’. These detected when they were being tested on a rolling road and forced the engine into being much more environmentally friendly than it would otherwise be. It’s been estimated that some 11 million vehicles (not just VW’s) were affected in total. Outside of a test environment, vehicles actually exceeded legal emission limits, emitting dangerous levels of nitrous oxides, but possibly saving some fuel in the process.
To prevent such cheating in future, the idea of open sourcing engine management code was mooted. This may one day happen, but for now such code is a closely guarded secret. Even if it were not, it’d be hard, given past events, to trust that any code offered was the same as what went into the engine management unit.
Enter reproducible builds. In this scenario we don’t even need the code to be open source. We need only that some qualified, trustworthy person be permitted to extract the binary file from the device, inspect the code and build environment, perform the reproducible build, and compare the results. The process would be pretty much indubitable, so long as we trust the firmware extraction process. And if we didn’t, then we could do reproducible builds to convince us.
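The final "compare the results" step could look like the following sketch, an added example that is not from the original article or any vendor's tooling. It assumes the auditor holds a raw flash dump that may be larger than the rebuilt image, with unprogrammed flash reading back as 0xFF; the function names and sample bytes are constructed for illustration.

```python
import hashlib

ERASED = 0xFF  # assumption: unprogrammed flash reads back as 0xFF

def strip_erased_tail(dump: bytes, image_len: int) -> bytes:
    """Drop trailing padding past the rebuilt image, but only if it is all erased bytes."""
    tail = dump[image_len:]
    if tail and all(b == ERASED for b in tail):
        return dump[:image_len]
    return dump  # anything else past the image stays in and is reported

def diff_regions(a: bytes, b: bytes, gap: int = 16):
    """Return (start, end) byte ranges where a and b differ, merging nearby ranges."""
    regions = []
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            if regions and i - regions[-1][1] <= gap:
                regions[-1][1] = i + 1
            else:
                regions.append([i, i + 1])
    if len(a) != len(b):  # a length mismatch is itself a finding
        regions.append([n, max(len(a), len(b))])
    return [tuple(r) for r in regions]

def verify(extracted: bytes, rebuilt: bytes) -> dict:
    """Compare an extracted flash dump against the auditor's reproducible build."""
    candidate = strip_erased_tail(extracted, len(rebuilt))
    return {
        "extracted_sha256": hashlib.sha256(candidate).hexdigest(),
        "rebuilt_sha256": hashlib.sha256(rebuilt).hexdigest(),
        "match": candidate == rebuilt,
        "diff_regions": diff_regions(candidate, rebuilt),
    }

# Constructed sample data: a 1 KiB "rebuilt" image and two 2 KiB flash dumps.
REBUILT = bytes(range(256)) * 4
CLEAN_DUMP = REBUILT + b"\xff" * 1024
_tampered = bytearray(CLEAN_DUMP)
_tampered[0x200:0x204] = b"\xde\xad\xbe\xef"  # four bytes that the build did not produce
TAMPERED_DUMP = bytes(_tampered)

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_DUMP), ("tampered", TAMPERED_DUMP)):
        result = verify(dump, REBUILT)
        print(name, result["match"], [(hex(s), hex(e)) for s, e in result["diff_regions"]])
```

Reporting the differing byte ranges rather than only a hash mismatch tells the auditor where in the image to look, and data past the end of the rebuilt image is reported instead of being silently discarded.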