PGP signatures on PyPI: worse than useless

@yossarian as someone who had to maintain my old job's pgp stuff because banks still use pgp to encrypt files sent to us, I very much hate it

Has any progress been made on replacing pgp for signing? Git also has this problem, where there really should be something better to do signature verification, but I haven't really seen anything.

About commit signature verification - GitHub Docs

Using GPG, SSH, or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source.