Yes, a call to action! We need a reproducible builds hero.
Ultimately, what we need is for our infrastructure to verify that two bootstraps of the same compiler produce the same installer tarballs, the same .msi’s, and the same .pkg’s. So there’s a clear goal, and I suspect a number of obstacles standing in the way.
If I were to start, I’d probably just do some experimentation to see what is and is not reproducible, then think about how to set up test cases to verify reproducibility at various levels.
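One way to run that kind of experiment, as an added example that is not part of the original post or the project's tooling: compare two build output directories by whole-file hash, then, for a tarball that differs, report which members and which fields are responsible. The function names, file names and sample tarballs are hypothetical and constructed for illustration.

```python
import hashlib, io, tarfile, tempfile
from pathlib import Path

def file_hashes(d):  # relative path -> SHA-256 for every file under d
    return {p.relative_to(d).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(d).rglob("*") if p.is_file()}

def compare_dist(dir_a, dir_b):
    """Top level: classify each artifact from two builds by whole-file hash."""
    a, b = file_hashes(dir_a), file_hashes(dir_b)
    return {n: "missing" if n not in a or n not in b else
            "reproducible" if a[n] == b[n] else "differs" for n in sorted({*a, *b})}

def tar_members(path):
    """Member name -> the fields that must match for a bit-identical tarball."""
    out = {}
    with tarfile.open(path) as tar:
        for m in tar.getmembers():
            data = tar.extractfile(m).read() if m.isfile() else b""
            out[m.name] = {"mtime": m.mtime, "mode": m.mode, "owner": (m.uid, m.gid),
                           "content": hashlib.sha256(data).hexdigest()}
    return out

def explain_tar_diff(tar_a, tar_b):
    """Next level down: which members, and which fields, make a tarball differ."""
    a, b = tar_members(tar_a), tar_members(tar_b)
    diff = {}
    for n in sorted({*a, *b}):
        if n not in a or n not in b:
            diff[n] = ["missing"]
        elif a[n] != b[n]:
            diff[n] = [k for k in a[n] if a[n][k] != b[n][k]]
    return diff

def make_tar(path, files, mtime):  # builds the constructed sample input
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))

def demo():
    """Constructed sample: two 'bootstraps' differing only in tarball timestamps."""
    root = Path(tempfile.mkdtemp())
    for build, mtime in (("a", 1000), ("b", 2000)):
        (root / build).mkdir()
        (root / build / "manifest.txt").write_bytes(b"version 1\n")
        make_tar(root / build / "compiler.tar", {"bin/compiler": b"\x7fELF", "README": b"hi"}, mtime)
    a, b = root / "a", root / "b"
    return compare_dist(a, b), explain_tar_diff(a / "compiler.tar", b / "compiler.tar")
```

In the constructed sample the tarball is flagged as differing even though every member's content hash matches, and the second report attributes the difference to `mtime` alone.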