Comment by Telaneo

> It's the responsibility of the maintainer to read the subset of docs relevant to the package(s) they're contributing, not the user's.

I agree a lot with this. You're supposed to trust your distributions packages. If you can't trust your distro, who can you trust? If you don't, find one you do trust, as that's a viable alternative. If none are trustworthy to you, then the only real option is to become your own package maintainer and have fun with Linux From Scratch.