People joke about the UX and they're right, but the truth is you can use GPG pretty much everywhere, and as long as you know someone's pubkey you can use the most spied-on communication channel and your message will still be authentic and secret.

Those who really need it will use it eventually. Not everything is meant to be used by everyone.

nostr:nevent1qqsdl7rm8vqeacg05a9pgqp84w0fh6hn7xefsyx43fxuqa45uv7e0lspz9mhxue69uhkummnw3ezuamfdejj7q3qwf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgsxpqqqqqqznx06s0


Discussion

I'm particularly interested in message signing/verification, which for packages is typically done via GPG and a shasum file.

Maybe it's not meant to be used by everyone but I sincerely hope it is. As PGP is a tech with a big social component, I'm trying to understand how nostr could help with its flaws here.

Nostr just has a better UX but the underlying concepts are the same:

* public key crypto

* WoT for attesting public key authenticity without a centralized authority

Nostr only does the latter point partially, i.e. you implicitly "trust" your follows and sort of your 2nd degree follows, but clients still don't fully exploit WoT. They could use it to curate feeds, weight or filter counters (number of reactions, followers, etc.), combat spam, etc.
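
An added example, not part of the thread and not code from any nostr client: a sketch of how a client could weight a reaction counter and filter a feed by follow distance, as the last reply suggests. The follow graph, the names standing in for pubkeys, and the per-hop weights are all constructed assumptions.

```python
from collections import deque

# Constructed follow graph: pubkey -> pubkeys it follows (names stand in for hex keys).
FOLLOWS = {
    "me": {"alice", "bob"},
    "alice": {"carol", "bob"},
    "bob": {"dave"},
    "carol": {"erin"},
    "spam1": {"me", "alice", "spam2"},  # following the viewer earns no trust
    "spam2": {"me", "spam1"},
}

# Assumed weights per hop; anything beyond 2nd-degree follows counts as 0.
HOP_WEIGHTS = {0: 1.0, 1: 1.0, 2: 0.5}


def follow_distances(follows, root, max_hops=2):
    """Breadth-first search over outgoing follows: {pubkey: hops from root}."""
    dist = {root: 0}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        if dist[current] == max_hops:
            continue  # do not expand past the trust horizon
        for followed in follows.get(current, ()):
            if followed not in dist:
                dist[followed] = dist[current] + 1
                queue.append(followed)
    return dist


def weighted_count(reactors, dist, weights=HOP_WEIGHTS):
    """Sum trust weights of distinct reacting pubkeys; unknown keys add 0."""
    return sum(weights.get(dist.get(pk), 0.0) for pk in set(reactors))


def filter_feed(authors, dist):
    """Keep only notes whose author is inside the viewer's web of trust."""
    return [a for a in authors if a in dist]


if __name__ == "__main__":
    dist = follow_distances(FOLLOWS, "me")
    reactors = ["alice", "carol", "spam1", "spam2", "erin", "alice"]
    print("raw:", len(set(reactors)), "weighted:", weighted_count(reactors, dist))
    print("feed:", filter_feed(["bob", "spam1", "dave", "erin"], dist))
```

Trust follows the direction of the follow edge, so the two spam keys that follow the viewer and each other contribute nothing to the weighted counter.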