Finding solutions for reproducible builds BoF

How can we enable multiple parties to verify that a binary package has
been produced untampered from a given source in a distribution like

While trying to get reproducible builds for Debian packages, several
problems were identified. For some, like paths encoded in debug files,
we are still missing good solutions. Let's review them and find great