Completely agree! The article is blinkered to the security aspect. But imagine if compilers didn't create reproducible builds. Debugging would be a nightmare!
Uh? Is that sarcasm?
Compilers don't produce reproducible builds.
If you try to investigate a core dump using a binary recompiled from sources instead of the original binary, it's very likely you won't be able to analyze the core.
By default you're not guaranteed the exact same output in two compiled binaries. There's a lot of variable bits[1] that make it into binaries from C and C++. Different languages/compilers have different levels of variable bits.
Yes, that would be reproducibility iff the environment is identical. However, "identical environment" is a complicated issue.
Differing file paths, timestamps, and host date/time can all easily make their way into a binary through macros in several languages without explicit compiler/linker flags. If compiled artifacts are bundled into a container (like a jar file), their metadata needs to be deterministically set or else the container as an artifact won't be deterministic.
So yes, doing all the work to make the build deterministic enables reproducibility, but it's not free or automatic. Then doing the work to ensure the build environment is deterministic is an additional task that's not free or automatic.
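An added example (not written by any commenter in this thread) of the container-metadata point above: a jar is a zip archive, so identical inputs packed at different times or in a different order hash differently unless the per-entry metadata is pinned. Python's `zipfile` stands in for a jar tool here, and the entry names and contents are constructed.

```python
import hashlib
import io
import zipfile

# Constructed sample inputs standing in for compiled artifacts (not real class files).
SAMPLE = {
    "com/example/Main.class": b"\xca\xfe\xba\xbe main",
    "com/example/Util.class": b"\xca\xfe\xba\xbe util",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
}
FIXED_MTIME = (1980, 1, 1, 0, 0, 0)  # earliest timestamp the zip format can store


def build_naive(entries, build_time):
    """Pack entries in caller order, stamping each with the time of the build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=build_time), data)
    return buf.getvalue()


def build_deterministic(entries):
    """Pack entries with every piece of per-entry metadata pinned."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in sorted(entries):              # order independent of the caller
            info = zipfile.ZipInfo(name, date_time=FIXED_MTIME)
            info.create_system = 3                # otherwise differs by host OS
            info.external_attr = 0o644 << 16      # fixed permission bits
            zf.writestr(info, entries[name])
    return buf.getvalue()


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


if __name__ == "__main__":
    shuffled = dict(reversed(list(SAMPLE.items())))
    print("naive, two build times :", sha256(build_naive(SAMPLE, (2024, 1, 1, 9, 0, 0))),
          sha256(build_naive(SAMPLE, (2024, 1, 2, 9, 0, 0))))
    print("deterministic, reordered:", sha256(build_deterministic(SAMPLE)),
          sha256(build_deterministic(shuffled)))
```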
Since when don't compilers produce reproducible builds? We did that at my last workplace with appropriate MSVC compiler options.
In any case, maybe parent is referring to using centralized debug symbols which can work for anybody in the org because their compilers all generate the same output.