SSH is the new GPG
Not really. But Kind of? Did you know that you probably already have a working PKI system for signing artifacts on your laptop today, with no keyservers, web-of-trust, or configuration? You can use it to sign files, and to find the public keys for other people and use them to verify files they signed. So why aren’t more people using this? I think it’s just gone overlooked because it’s a relatively new feature in apretty old piece of software.