by bigmac
3963 days ago
You're right, wrappers can abstract away complexity. That's effectively what TUF is: a wrapper framework around low-level crypto primitives that achieves a secure content distribution system. GPG alone would not have given sufficient guarantees around freshness and survivable key compromise. TUF should be understood as a higher-level concept than GPG. There are additional features of the TUF spec that we'll be implementing in later versions, such as threshold signing (k of n signatures required for verification) and secure delegation. For what it's worth, TUF could be implemented on top of GPG just fine. If folks have an appetite for that we'd welcome contributions here: https://github.com/docker/notary