Someone should make a post, and have it sticky.
1. How to verify GPG signatures.
2. How to sign and verify bitcoin signatures.
3. How to get a public key from a keyserver or a webpage.
4. How public keys and private keys work in GPG or PGP.
Until you can do all that, there is no point to attempting doing any transaction.
It's really simple: If you can verify the signature, you are sure the message was really from whoever sent it, or whoever has access to the private key. Most people who have GPG installed are careful about their computer systems so they don't get compromised easily.
Thanks this is needed and I would greatly appreciate such a post.