The speaker discusses the challenges of achieving reproducible builds with Dockerfile, focusing on the issues of timestamps and non-determinants of package versions. He introduces BuildKit version 0.11, which supports reproducing timestamps with the Source-State-Epoch build arg. He also presents ReproGet, a decentralized and reproducible front-end for package managers like After-get and DNF, which allows for locking package versions with SHA256 hashes. He concludes by mentioning future work, such as simplifying Docker files and implementing cross-compilation. In the Q&A, he discusses how to maintain the list of package hashes to ensure security.