How can I verify that the installed packages on a Gentoo system came from the same source that was on a main rotation mirror and/or “blessed” by the Gentoo development team?

By verifying the checksum located in /var/db/pkg/$APPNAME/CONTENTS, am I only confirming that the source was the same as that which was downloaded from the mirror?

I guess what I’m getting at is how can I be sure I can trust a mirror?

Thank you very much in advance for any insight provided,
-john
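
What a check against the CONTENTS file mentioned in the question compares, as an added example that is not part of the original post: it parses CONTENTS entries and reports installed files that are missing or whose MD5 differs from the value recorded locally at install time. It assumes the Portage line layout (`dir <path>`, `obj <path> <md5> <mtime>`, `sym <path> -> <target> <mtime>`); the temporary root, file names and timestamps in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def parse_contents(text):
    """Yield (kind, path, md5) for each line of a Portage CONTENTS file."""
    for line in filter(str.strip, text.splitlines()):
        kind, rest = line.split(" ", 1)
        if kind == "obj":    # obj <path> <md5> <mtime>; path may hold spaces
            path, md5, _mtime = rest.rsplit(" ", 2)
            yield kind, path, md5.lower()
        elif kind == "sym":  # sym <path> -> <target> <mtime>
            yield kind, rest.split(" -> ", 1)[0], None
        else:                # dir <path>: no checksum recorded
            yield kind, rest, None

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(contents_text, root="/"):
    """Return {path: "missing" | "modified"} for obj entries that fail."""
    problems = {}
    for kind, path, md5 in parse_contents(contents_text):
        if kind != "obj":
            continue
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            problems[path] = "missing"
        elif md5_of(real) != md5:
            problems[path] = "modified"
    return problems

def demo():
    """Constructed sample: temp root, one intact, one altered, one absent file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr/bin"))
    files = {"ok tool": b"intact\n", "changed": b"original\n", "gone": b"x\n"}
    lines = ["dir /usr/bin", "sym /usr/bin/alias -> changed 1700000000"]
    for name, data in files.items():
        lines.append("obj /usr/bin/%s %s 1700000000" % (name, hashlib.md5(data).hexdigest()))
        if name != "gone":
            with open(os.path.join(root, "usr/bin", name), "wb") as f:
                f.write(data + (b"tampered\n" if name == "changed" else b""))
    return verify("\n".join(lines), root)
```

On a real system, `verify()` would be given the text of a package's CONTENTS file with the default `root="/"`.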