I still think this is a problem of public key servers being a broken idea, rather than PGP itself.
It's 20 years since I've been to a key signing party, but there are still several small circles of trusts where I have very good ideas about the trustworthiness of each member and of the overall circle.
I still trust the crypto that PGP (and OpenPGP) uses. (With the caveat of no forward secrecy unless you try to handle that yourself).
I'm not entirely sure I've _ever_ trusted a key server provided public key, beyond the use case of trying it to open a conversation in which I can verify (to whatever level is needed) whether the person on the other end is the person I am trying to communicate with.e
It's 20 years since I've been to a key signing party, but there are still several small circles of trusts where I have very good ideas about the trustworthiness of each member and of the overall circle.
I still trust the crypto that PGP (and OpenPGP) uses. (With the caveat of no forward secrecy unless you try to handle that yourself).
I'm not entirely sure I've _ever_ trusted a key server provided public key, beyond the use case of trying it to open a conversation in which I can verify (to whatever level is needed) whether the person on the other end is the person I am trying to communicate with.e