For anyone saying otherwise:

There is ONLY ONE valid way to check trust - it is called keyring.

All linux distributions do use it.

Think on how you use SSL certificates on your browser, now remember that you can always import your own Certificate authority.

As simple as that. Unless you have nefarious purposes.