This sounds brilliant and I see no immediate reason why something like this shouldn't be useful for most software ecosystems.
Also, in addition to the pure security perspective of this, I also have a feeling that it might become a useful piece of the puzzle to solve open source funding.
Sigstore is a Transparency Log intended for provenance and software artifacts which has support for a few different build artifacts. The container ecosystem also appears to be embracing it.
A cool practical example is pacman-bintrans from kpcyrd that throws Arch Linux packages on sigstore and (optionally) checks each package for being reproducible before installation.
https://github.com/kpcyrd/pacman-bintrans
I think this is generally useful for a lot of ecosystems indeed, and it's cool to also see similarly scoped projects pop up to address these issues.