Fedora has announced a change proposal to make 99% of its package builds reproducible in its upcoming Fedora 43 release, aiming to ensure that 99% of its packages meet this standard by the time it ships. This effort is part of a bigger shift toward verifiable trust in the software supply chain, which touches anyone who builds, ships, or consumes software. Reproducible builds make it possible to verify package integrity, audit what's inside an artifact without reverse-engineering it, and protect against supply chain attacks. Fedora is standardizing timestamps and metadata using tools like add-determinism, adopting SOURCE_DATE_EPOCH to control build-time data, and building out infrastructure for independent verification. This effort overlaps with Cloudsmith's focus on cloud-native artifact management, which aims to provide trust, provenance, and control over the software that flows through the pipeline. Cloudsmith plans to participate in this effort by providing infrastructure to support reproducible builds, including signature verification, dependency scanning, access control, and metadata transparency.