It should be possible to reproduce, byte for byte, every build of every package in Debian. More information about reproducible builds in general are available at reproducible-builds.org.
Reproducible builds of Debian as a whole is still not a reality, though individual reproducible builds of packages are possible and being done. So while we are making very good progress, it is a stretch to say that Debian is reproducible.
Most packages built in sid today are reproducible under a fixed build-path and environment.
We have a continuous integration platform that builds and immediately rebuilds packages. With this we can detect problems related to timestamps, file ordering, CPU usage, (pseudo-)randomness and other things.
Many patches have already been submitted, and we are continuously writing new ones.
You can check which packages installed on your system are still unreproducible by using the reproducible-check script in the devscripts package.
Big outstanding issues
#763822: ftp.debian.org: please include .buildinfo file in the archive (see also 862073 and 862538 as intermediate steps)
User-facing interfaces (see proof-of-concept in #863622: apt: warn when installing packages that are not reproducible
- Tighten up the Policy definition of "reproducible" to be stricter about environment variables and build paths.
Discuss which environment variables we should blacklist or whitelist, 876055.
For more concrete tasks to be done, look at how to contribute.