Some rather disturbing news for Gnupg in particular. Some asshats have decided to poison gnupg/openpgp cerificates for the sks servers which most open source linux and unix use for package management.
Read more here: https://duo.com/decipher/openpgp-certificate-attack-worries-experts
Wholy crap, they should get a life & get out & make some exercises, might remove the ideas to screw everyone.
Unfortunately, any software or software based systems are vulnerable through such hacks. It depends on the skills of heartless individuals that wants to cause trouble just for their sick gratification. 