...
PGP has the concept of a "PGP Web of Trust" that people are theoretically supposed to use to prevent this sort of thing, but it's complicated and doesn't work very well, so pretty much no one actually uses it. ...
Thanks for the info Theymos, very in-depth and helpful.
I hope this isn't too far off topic but, related to the quote above, I've been thinking about the concept of a 'web of trust' and how bitcoin and the p2p blockchain are basically exactly that, it's a currency whose veracity is enforced by a web of trust (among other things of course, but nodes operate on a similar concept I believe, of course they rely on a percentage of participators to be rationally motivated to be good players).
I've also been thinking of a post I just read by u/cannon-c on r/bitcoin about the need to decentralize data (such as the bitcoin repository, and any important open-source repository).
It seems that both of those things (gpg signature storage and open-source software repositories) could benefit from a decentralized p2p storage model, and possibly the security of being written to a/the blockchain (side-chains come to mind, but I'm by no means a programmer so could be off in my expectations there).
In any case, taking Namecoin as an example, I think open-source software and signature repositories are the exact kind of things that could benefit from bitcoin's model.
I'm truly a noob so there could be things I'm not considering. Thanks for any thoughts you have