[spam][joke][cryptotragedy] checking signatures on boot media

[grarpamp]

The spam attacks don't prevent using keys obtained
from keyservers, it only reinforces the old facts... that
you must verify the key's WoT or fingerprint-to-origin
to your satisfaction before using it.

You can still get keys from the various now balkanized
keyserver communities, some implementations suck
for search and using multiple keys.
You can run keyservers for some of them in coordination
with their comms channels.

https://github.com/hockeypuck/hockeypuck
https://github.com/sks-keyserver/sks-keyserver
https://gitlab.com/hagrid-keyserver/hagrid

And use keys with standard things...

https://www.openpgp.org/

And also use more simplistic and functional things like...

https://github.com/filosottile/age

that are alternatives to the traditional standard tool of...

https://gnupg.org/

Lots of new groups are integrating pgp into new things...

https://sequoia-pgp.org/projects/

But there's probably some awesome lists that aggregate
more of those new groups and integrations for reference.