by pvg
2103 days ago
Fundamentally, the discussion is about your (and others') claims that PGP is some key part of security infrastructure and that its wide adoption and importance in such infrastructure shows that. It probably got a little stuck on broad terms like 'adoption' and 'standard' instead of looking more specifically at the type of use you're holding up as an example. Here's what happens in the super-common, basic case of 'installing a third party (i.e. not from the distro repos) package on some debiansy Linux': You access the developer's webpage (via a browser and https) and read the installation instructions. They tell you to curl in (over https) some PGP key and some (https) endpoints for finding and downloading the package. You apt-whatever and the package is installed. The PGP part of this can be replaced with NOPs and this is no less secure. All the heavy lifting here is done elsewhere using infrastructure that actually has wide adoption and standardization and does useful things.