openSUSE Factory Achieves Bit-By-Bit Reproducible Builds

• #21
Originally posted by chocolate:

Incoherent, ill-written ramblings and pseudo-erudite regurgitation.

No Linux distribution, or any mainstream OS for that matter, can claim to have 100% reproducible builds at this point for everything they distribute, although many Linux distributions have obviously made good progress. Nix has done good work there, but it is entirely fair to point out the caveats beyond the headlines.


• #22
Originally posted by spicfoo:

You are conflating ABI compatibility with reproducible builds. They are not the same thing. Nobody using clones cares about the latter. Some of the clone users care about the former. Phoronix already covered the news that Red Hat developers are actively working on the same thing. It wouldn't make sense for them to allot resources to something they hate.

I'm not. If builds are 1:1 reproducible and that's done for an entire distribution's repository, then a 1:1 ABI-compatible fork is created by default. That's why RHEL made their SPEC files harder for non-paying customers to access. You can't make a 1:1 reproducible build if you can't get the exact same source configurations and build environment. Source configurations and build environments aren't covered by the GPL.

That's why it's in RHEL's interest to have reproducible builds for internal use and for their paying customers, while simultaneously not being in their best interest for non-paying users, who can turn reproducible builds into a competing product. This is something RHEL would back because it's great for internal auditing, and how they use it internally isn't something they actually have to share back with the community. Those reproducible build config files, just like their SPEC files, are allowed to be proprietary and stay internal.


• #23
Originally posted by skeevy420:

I'm not. If builds are 1:1 reproducible and that's done for an entire distribution's repository, then a 1:1 ABI-compatible fork is created by default. That's why RHEL made their SPEC files harder for non-paying customers to access.

You are starting off with an incorrect premise. They didn't make spec files harder to access. All the spec files continue to be available via the CentOS Stream repo, and yes, this includes all the ones for RHEL builds. Go ahead and take a look. Reproducibility makes no difference here, since clone users have never wanted that, nor can they really achieve that unless Red Hat makes their entire build system public, and they aren't going to do that. What some clone users care about is ABI compatibility, and that is at least feasible.


• #24
So what's the point of others compiling the package if the result is the same?


• #25
Originally posted by loganj:

So what's the point of others compiling the package if the result is the same?

To verify that the binaries you download don't have anything malicious added.


• #26
Originally posted by Jaxad0127:

To verify that the binaries you download don't have anything malicious added.

But the source code might be the issue with this open-source software. So even if you download it and test it, you might have the same sneaky malware as the repo.


• #27
Originally posted by loganj:

But the source code might be the issue with this open-source software. So even if you download it and test it, you might have the same sneaky malware as the repo.

You can audit the source repo. You can audit the build environment. But can you be sure that the binary you were given has had nothing else added?

Reproducible builds mean independent third parties can exactly reproduce the binary, giving confidence nothing else is there.

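The check Jaxad0127 describes above, as an added example that is not from any post in this thread: the same constructed file set is packed from two build trees with different timestamps, once naively and once with the normalizations reproducible-build tooling applies (sorted entry order, SOURCE_DATE_EPOCH-style timestamps, fixed ownership, a pinned gzip header), and verify() accepts the shipped hash only when every independent rebuilder produced the same bytes. The file contents and the SOURCE_DATE_EPOCH value are assumptions.

```python
import gzip, hashlib, io, os, shutil, tarfile, tempfile

# Constructed sample package contents (an assumption, not a real package).
SOURCE_FILES = {"bin/hello": b"#!/bin/sh\necho hello\n", "share/doc/README": b"demo\n"}
# Pinned timestamp in the style of SOURCE_DATE_EPOCH (value is an assumption).
SOURCE_DATE_EPOCH = 1_600_000_000

def make_tree(files, stamp):
    """Write files into a fresh build dir with mtimes set to `stamp`,
    simulating two rebuilders who build at different times."""
    root = tempfile.mkdtemp(prefix="build-")
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.utime(path, (stamp, stamp))
    return root

def pack(root, reproducible):
    """Pack `root` into an in-memory .tar.gz and return its sha256 hex digest."""
    buf = io.BytesIO()
    # gzip stores a timestamp in its own header; pin it in the reproducible case.
    gz = gzip.GzipFile(fileobj=buf, mode="wb", mtime=SOURCE_DATE_EPOCH if reproducible else None)
    with tarfile.open(fileobj=gz, mode="w") as tar:
        entries = [os.path.join(d, n) for d, _, names in os.walk(root) for n in names]
        if reproducible:
            entries.sort()  # os.walk order is filesystem-dependent
        for path in entries:
            info = tar.gettarinfo(path, arcname=os.path.relpath(path, root))
            if reproducible:  # strip per-builder details: mtime and owner
                info.mtime, info.uid, info.gid = SOURCE_DATE_EPOCH, 0, 0
                info.uname = info.gname = ""
            with open(path, "rb") as f:
                tar.addfile(info, f)
    gz.close()
    return hashlib.sha256(buf.getvalue()).hexdigest()

def verify(shipped_hash, rebuilder_hashes):
    """Accept the shipped artifact only if every independent rebuild matches it."""
    return bool(rebuilder_hashes) and all(h == shipped_hash for h in rebuilder_hashes)

def demo():
    """Return (naive builds agree, normalized builds agree) for two build trees."""
    a = make_tree(SOURCE_FILES, 1_700_000_000)
    b = make_tree(SOURCE_FILES, 1_700_086_400)  # same sources, built a day later
    try:
        return pack(a, False) == pack(b, False), pack(a, True) == pack(b, True)
    finally:
        shutil.rmtree(a)
        shutil.rmtree(b)
```

demo() returns (False, True): the naive archives differ only because of build-time metadata, and the normalized ones are byte-identical, which is what lets a third party's hash stand in for an audit of the shipped binary.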

• #28
Originally posted by Jaxad0127:

You can audit the source repo. You can audit the build environment. But can you be sure that the binary you were given has had nothing else added?

Reproducible builds mean independent third parties can exactly reproduce the binary, giving confidence nothing else is there.

I see. So will you audit every package that you have to install/upgrade, or will you audit the repo in general and not the specific packages?


• #29
Does a reproducible build give an advantage to a source-based distro?