Reproducible Builds

A reproducible build is one where compiling the same source code, in the same defined environment, always produces exactly the same output. The Reproducible Builds project states the property directly: “A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.”

The reason this matters is verification. Most users of software run binaries, not source code, and they have to trust that the binary they received was actually built from the published source rather than tampered with. If builds are reproducible, an independent party can rebuild the source themselves and compare the result byte for byte. A match is strong evidence that the binary contains nothing the source does not.

This makes reproducibility a defense against supply-chain attacks. A compromised build server or a malicious maintainer who slips extra code into a released binary would produce an artifact that no longer matches a clean rebuild of the source, and the mismatch is detectable by anyone willing to repeat the build.

Achieving reproducibility requires eliminating the sources of nondeterminism that creep into ordinary builds, such as embedded timestamps, build paths, file ordering, and randomized identifiers. Systematically removing these variations across whole operating systems and language ecosystems is the practical work behind the idea; distributions and projects pursue it so that their published binaries can be independently confirmed.
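As an added illustration (not code from the Reproducible Builds project), the script below packages a small constructed source tree into a tar.gz two ways: a naive build that takes file order and timestamps from the environment, and a pinned build that sorts entries, stamps them with a fixed SOURCE_DATE_EPOCH value, neutralizes owner fields and zeroes the gzip header time. The rebuild check then does what an independent verifier does: build again from differently ordered input and compare hashes. The file names and contents are constructed for the demo.

```python
import gzip
import hashlib
import io
import tarfile
import time

# Constructed sample "source tree" (name -> content); not a real project.
# The same files are fed in two orders below to mimic unsorted listings.
SOURCE_TREE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "README": b"demo\n",
    "Makefile": b"all:\n\tcc -o app src/main.c\n",
}


def build_tarball(files, source_date_epoch=None):
    """Return a .tar.gz as bytes.

    source_date_epoch=None mimics a naive build: entries in the order
    given, wall-clock mtimes, and a gzip header stamped with the current
    time.  With an epoch set, each variation is pinned: sorted entry
    order, fixed mtime (the SOURCE_DATE_EPOCH convention), neutral
    owner fields, and a zero gzip mtime.
    """
    reproducible = source_date_epoch is not None
    names = sorted(files) if reproducible else list(files)
    mtime = source_date_epoch if reproducible else int(time.time())
    buf = io.BytesIO()
    gz = gzip.GzipFile(fileobj=buf, mode="wb", mtime=0 if reproducible else None)
    with tarfile.open(fileobj=gz, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in names:
            data = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            info.mode = 0o644
            info.uid = info.gid = 0        # drop builder-specific ownership
            info.uname = info.gname = ""   # and builder-specific user names
            tar.addfile(info, io.BytesIO(data))
    gz.close()  # writes the gzip trailer into buf
    return buf.getvalue()


def rebuild_matches(files, source_date_epoch=None):
    """Independent-rebuild check: build twice from differently ordered
    inputs and compare the SHA-256 of the resulting artifacts."""
    first = build_tarball(files, source_date_epoch)
    second = build_tarball(dict(reversed(list(files.items()))), source_date_epoch)
    return hashlib.sha256(first).digest() == hashlib.sha256(second).digest()
```

`rebuild_matches(SOURCE_TREE, 1700000000)` returns True, while `rebuild_matches(SOURCE_TREE)` returns False because the naive archive encodes the listing order (and, across seconds, the clock) of whoever built it.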

Last verified June 8, 2026