It's a good point - More people should be doing this, IMO.
If you set up your own automated build environment that's the same as what
the distro uses to compile packages (like the same GCC version, etc.) then
you can compile packages and make sure they have the same hash. If the hashes
match you know the binary is the same. This is a difficult process though
because you need to duplicate the setup of the build farm exactly.
A different package manager called GNU Guix makes this easier and I've been
keeping an eye on that - http://www.gnu.org/software/guix/
That package manager seems neat.
If you don't care about matching hashes with the distro, then just grab the
source code for everything, compile, and make your own Trisquel ISO,
potentially even recompiling any other packages from the repository that you
may need too.
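
The hash comparison described above, as an added example that is not part of the original post: it looks up the SHA256 the distro publishes for a package in a Debian-style `Packages` index (the format Trisquel's repositories use) and compares it with the hash of a locally rebuilt `.deb`. The package name, version, file names and index entry are constructed for the demo, and the function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_packages_index(text):
    """Return {(package, version): sha256} from a Debian-style Packages index."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") or ":" not in line:
                continue  # continuation line of a multi-line field
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if {"Package", "Version", "SHA256"} <= fields.keys():
            index[(fields["Package"], fields["Version"])] = fields["SHA256"].lower()
    return index

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large packages do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_rebuild(index, package, version, local_deb):
    """Return 'reproduced', 'mismatch' or 'not-in-index' for a local rebuild."""
    expected = index.get((package, version))
    if expected is None:
        return "not-in-index"  # wrong version rebuilt, or stale index
    return "reproduced" if sha256_file(local_deb) == expected else "mismatch"

def demo():
    # Constructed data: two fake "packages" and an index entry for one of them.
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "hello_1.0-1_amd64.deb"
        good.write_bytes(b"constructed package bytes\n")
        bad = Path(d) / "hello_rebuilt.deb"
        bad.write_bytes(b"constructed package bytes, different timestamp\n")
        packages = (
            "Package: hello\nVersion: 1.0-1\nArchitecture: amd64\n"
            "Filename: pool/main/h/hello/hello_1.0-1_amd64.deb\n"
            f"SHA256: {sha256_file(good)}\n"
            "Description: constructed entry\n more text\n"
        )
        index = parse_packages_index(packages)
        return (check_rebuild(index, "hello", "1.0-1", good),
                check_rebuild(index, "hello", "1.0-1", bad),
                check_rebuild(index, "hello", "2.0", good))
```

The comparison is only as trustworthy as the index: the `Packages` file should itself be checked against the repository's signed `Release` file before its hashes are used.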