I was gonna write this. Package management with distributed mirrors for both speed + redundancy are a solved problem in the Linux world. Ship trusted signing keys and even the shadiest mirror becomes verifiable.