OpenPGP is unsalvageable. One of the core goals of modern cryptography is to eliminate backwards compatibility with insecure 1990s crypto; OpenPGP instead lovingly preserves it.
Much of that could be solved by an implementation having user-controlled policies that whitelist/blacklist sets of algorithms. An implementation could be made with a sane default policy.
Of course, some things ought to just be replaced (S2K).
Of course, some things ought to just be replaced (S2K).