It is easy to query the web site for a package (see for example http://packages.ubuntu.com/libgdata-common) and look up package details (see for example https://launchpad.net/ubuntu/+source...0.1-1~oneiric1), including checksums. Official PPAs have GPG keys that should be used; for instance, the release key for oneiric-bleed is at http://ppa.launchpad.net/oneiric-ble...dists/oneiric/ IIRC. See the official Ubuntu documentation on how to add keys, or see something like http://linuxers.org/howto/how-instal...are-ubuntu-ppa. Then all Debian-esque distributions should ship with the "debsums" package to run hash checks on installed packages.

What I'm trying to say is that making an informed decision about what to do should IMHO be based on what the distribution offers in terms of package management configuration, package lookups and verification, and not on something as vague as "I guess most folks say OK".
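
The kind of hash check debsums runs, as an added example that is not part of the original post: it compares files against a list in the format dpkg keeps under /var/lib/dpkg/info/<package>.md5sums. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify files against a dpkg-style md5sums list.
# verify_md5sums LIST ROOT
#   LIST: lines of "<md5>  <path relative to ROOT>" (the dpkg md5sums format)
#   ROOT: directory the paths are relative to ("/" on a real system)
# Prints one line per problem; returns 0 only if every listed file matches.
verify_md5sums() {
    list=$1
    root=$2
    bad=0
    while read -r want path; do
        [ -n "$want" ] || continue          # skip blank lines
        file="$root/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "FAILED  $path"
            bad=$((bad + 1))
        fi
    done < "$list"
    [ "$bad" -eq 0 ]
}

# Constructed sample: a throwaway tree standing in for an installed package.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/usr/bin" "$dir/etc"
    printf 'original binary\n' > "$dir/usr/bin/tool"
    printf 'setting=1\n' > "$dir/etc/tool.conf"
    (cd "$dir" && md5sum usr/bin/tool etc/tool.conf > "$dir/pkg.md5sums")
    echo "$dir"
}

sample=$(make_sample)
verify_md5sums "$sample/pkg.md5sums" "$sample" && echo "clean: all files match"
printf 'modified binary\n' > "$sample/usr/bin/tool"   # simulate a changed file
verify_md5sums "$sample/pkg.md5sums" "$sample" || echo "mismatch detected"
rm -rf "$sample"
```

The lists are stored on the same system as the files they describe, so a match shows the files agree with the local dpkg database, not that the database itself is untouched.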