Kettle: Attested builds for verifiable software provenance

Wasn't another submission recently explaining how modern TEEs are not in fact promising that much against an attacker with physical access and a well-equipped (but not exclusive-to-nation-state level) lab?

I saw a call for Debian to ship reproducible builds - this could be a nice stepping stone or alternative path