
That only checks that binaries are the same as what is published by distributors.

It doesn't help against a malicious distributor, unless package managers also do a deterministic build themselves and verify that the checksum of the self-built binary matches the checksum published by the distributor.



If I'm not mistaken, many (most?) of the package managers of major Linux distributions actually build a package from source themselves in an automated process.

Otherwise, getting a package to run on different architectures would be a ton of manual labor. At least Debian certainly has that automated.

Besides the huge security risk involved in... just distributing random binaries?


Anyone building from source has the ability to potentially include some modifications. Unless you are able to verify that the checksum published (by whoever builds the code) "matches" the source code (by reproducing the build), you cannot be sure there aren't any modifications. Published checksums are often meant only for verifying that the binary you got matches the original binary, not for verifying that it is built from specific source code.

Many Debian packages already have reproducible builds, but not everything.

From Debian wiki:

> Reproducible builds of Debian as a whole is still not a reality, though individual reproducible builds of packages are possible and being done. So while we are making very good progress, it is a stretch to say that Debian is reproducible.

https://wiki.debian.org/ReproducibleBuilds

But the point is that this has nothing to do with the type of open source license. GPL doesn't guarantee you that a build is reproducible, and MIT doesn't prevent you from having reproducible builds.



