How can I verify that the installed packages on a Gentoo system came from the same source that was on a main rotation mirror and/or "blessed" by the Gentoo development team?
By verifying the checksum located in /var/db/pkg/$APPNAME/CONTENTS am I only confirming that the source was the same as that which was downloaded from the mirror? I guess what I'm getting at is how can I be sure I can trust a mirror? Thank you very much in advance for any insight provided, -john
smime.p7s
Description: S/MIME cryptographic signature
