One thought: Nostr already has a strong set of npubs following each other with cryptographic signatures that could be the basis of a web of trust. This could easily grow bigger than GPG ever was.

nsec signing of git commits might be the logical next step for a truly decentralized github replacement.

Improvements to current Nostr key management would be needed. e.g. Npub delegation, subkeys, and revocation would allow people to keep master secrets offline rather than pasting it into several web and phone apps.