Red Hat Enterprise Linux at Iowa State University

Package Security

All of the packages you download have been built by someone other than you, and as a result there are trust issues involved. Is there a way you can check the integrity of the packages (or require a given level of integrity) before or during installation?

Most packages provide one or both of two methods for verifying them: GPG signatures (checked against the signer's public key) or checksums. Both methods require that you trust that the source of the verification material (the key or the checksum list) is the same as the source of the packages. If you accept that premise, these methods provide a fair amount of confidence that the package you have downloaded or installed is the same one the developer(s) built.
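As an added example (not part of this page), the following shell script shows both checks in practice: a wrapper around `rpm --checksig` for signed RPMs, and a checksum-list check for other downloads, exercised on constructed files so the tamper case can be seen failing. The package name and contents are constructed; the RPM check assumes a host with `rpm` installed and the publisher's key already imported.

```sh
#!/bin/sh
# Added example, not from the original page. Two checks a package
# consumer can run before installing: an RPM's embedded GPG signature
# and a publisher's checksum list for non-RPM downloads (tarballs, ISOs).
# All file names and contents below are constructed.
set -eu

# Check the GPG signature embedded in an .rpm. Meaningful only after the
# signer's public key has been imported with `rpm --import <pubkey>`;
# without it, rpm flags the signature as unverifiable (missing key),
# which must be treated as "not verified", not as a pass.
verify_rpm_signature() {
    rpm --checksig "$1"
}

# Create a constructed download plus the publisher's SHA256SUMS list
# in directory $1, standing in for the files fetched from a mirror.
make_fixture() {
    printf 'constructed package contents\n' > "$1/pkg-1.0.tar.gz"
    ( cd "$1" && sha256sum pkg-1.0.tar.gz > SHA256SUMS )
}

# Returns 0 when every file listed in SHA256SUMS matches, non-zero otherwise.
verify_checksums() {
    ( cd "$1" && sha256sum -c SHA256SUMS ) >/dev/null 2>&1
}

# Simulate a corrupted or altered download.
tamper() {
    printf 'tampered\n' >> "$1/pkg-1.0.tar.gz"
}

# Demonstration when run directly: intact file passes, altered file fails.
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
make_fixture "$WORK"
verify_checksums "$WORK" && echo "checksum OK: download matches publisher's list"
tamper "$WORK"
if verify_checksums "$WORK"; then
    echo "unexpected: altered file passed the check"
else
    echo "checksum MISMATCH: do not install"
fi
```

Note that a checksum list fetched from the same compromised mirror as the package proves nothing; the list (or the signing key) has to come from a source you trust independently, which is the premise the paragraph above describes.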