I think that a threat model that Binary Transparency tries to counter is one where an attacker gets hold of the signing key, or coerces the holder of that key, to sign a malicious update which is then sent to a targeted victim (on a compromised mirror site, for example).
If people are combining Reproducible Builds with Binary Transparency, then the attacker probably has to release the same binary to everyone, and release the source code containing the malicious change.
It remains to be seen whether enough people would audit the source code diffs of each release of Firefox, say, to stop a malicious update from affecting a large number of users. In particular, mechanisms would need to be put in place to stop users updating to a release which was discovered (or reported and then verified) to be compromised.
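A client-side gate for the scenario discussed above, as an added example that is not part of the original comment: after the signature check (which a stolen key passes), the updater installs a binary only if its hash has an inclusion proof in a public log and the release has not been reported as compromised. The RFC 6962-style Merkle log, the function names, the `withdrawn` set and the assumption that the client already holds a tree head it has cross-checked with other observers are all assumptions of this sketch.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(digest: bytes) -> bytes:            # RFC 6962 leaf hash (0x00 prefix)
    return H(b"\x00", digest)

def root(leaves):                            # RFC 6962 Merkle tree hash
    if len(leaves) == 1:
        return leaves[0]
    k = 1 << ((len(leaves) - 1).bit_length() - 1)   # largest power of two below n
    return H(b"\x01", root(leaves[:k]), root(leaves[k:]))

def audit_path(leaves, i):                   # log side: inclusion proof for leaf i
    if len(leaves) == 1:
        return []
    k = 1 << ((len(leaves) - 1).bit_length() - 1)
    if i < k:
        return audit_path(leaves[:k], i) + [root(leaves[k:])]
    return audit_path(leaves[k:], i - k) + [root(leaves[:k])]

def included(leaf_hash, index, size, path, tree_root):   # client side, RFC 9162 2.1.3.2
    fn, sn, r = index, size - 1, leaf_hash
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = H(b"\x01", p, r)             # sibling is on the left
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = H(b"\x01", r, p)             # sibling is on the right
        fn, sn = fn >> 1, sn >> 1
    return index < size and sn == 0 and r == tree_root

def may_install(binary, proof, tree_root, withdrawn):    # runs after the signature check
    digest = H(binary)
    if proof is None or digest in withdrawn:
        return False                         # unlogged, or reported as compromised
    return included(leaf(digest), *proof, tree_root)

if __name__ == "__main__":                   # constructed sample log of five releases
    log = [leaf(H(b"release-%d" % v)) for v in range(5)]
    proof = (2, len(log), audit_path(log, 2))
    print(may_install(b"release-2", proof, root(log), set()))       # logged release
    print(may_install(b"targeted-build", proof, root(log), set()))  # never logged
```

A binary served to one victim only has no valid proof against the tree head everyone else sees, so the gate refuses it; a logged but malicious release is refused only once its digest reaches `withdrawn`.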