Some rather disturbing news for Gnupg in particular. Some asshats have decided to poison gnupg/openpgp cerificates for the sks servers which most open source linux and unix use for package management.
Unfortunately, any software or software based systems are vulnerable through such hacks. It depends on the skills of heartless individuals that wants to cause trouble just for their sick gratification.