I'm not an expert on this but I know Linux Mint uses APT as the package manager - How APT does things is that each repository has a GPG key that signs each package. The repository itself is imported from a list embedded in the OS. So you really don't need to verify signatures in normal operation. You should mainly do it when downloading the OS itself and making bootable media since this is the start of the trust chain.