This is new to me. If I understand this concept correctly, it should eliminate the need to trust an abstract website and its security setup. Rather, I could trust a real person that I know, or even better several individuals to verify that I have, e.g., an authentic electrum wallet. Has this concept been accepted to date? I mean, do you people use it when installing sensitive software from the internet?
You're correct. Websites should not be trusted and users can't trust anything on the internet when they are validating things. It's simply unrealistic to go around passing your PGP keys but meeting someone face to face to authenticate their PGP keys is certainly the most secure method, you can't go wrong.
I haven't really heard about bitkey before. Is there a widespread use of it? Again I ask this question because of trust. For electrum, I can be pretty sure that (due to its widespread use) its source code has been thoroughly vetted before. So I just have to trust the signature. Sure, as you indicated, there's the source code of bitkey, but how many people have gone through the code to check it?
On the other hand, bitkey seems to be similar to tails, which I have been considering to use as a form of more secure linux. How different bitkey is with respect to tails?
I would recommend for you to just use a more established distribution to use Electrum with. OS like raspbian and ubuntu has been vetted hundreds of times and it is unlikely that they are intentionally including any malicious code. Even if they are, the airgapped setup would pretty much eliminate most of the threats. AFAIK, Bitkey doesn't route data through Tor.
