But nobody could possibly read all the source. There are 15 million lines in the Linux kernel alone and it changes frequently. Even a group of people couldn't manage it. Gentoo isn't "more trustworthy" because nobody has actually read all of its source. Its users simply trust the upstream source repository. That's no better than trusting apt/yum.