PGP certainly has its problems, but isn't really special compared to other similar things. The big advantage that PGP has is that it is a stable and well known standard. There is a tendency to imply that it is insecure in some way, but no real evidence seems to exist to that effect.
> isn't really special compared to other similar things.
If you define "similar thing" as "kitchen-sink thing that tries to do everything like PGP does", then this is true, as no full alternatives exist, nor should they.
But for all practical applications? Pretty much every "other similar thing" that I have tried is _vastly_ more simple and more reliable and easier to debug and infinitely easier to script. For example, "seccure", "minisign", "age", even "ssh-keygen -Y". Especially cool are "seccure" which uses passphrases as private keys (no more private key files ever!) and "ssh-keygen -Y" which uses ssh keys which everyone already has anyway.
If you are writing new software and thinking about integrating PGP, do yourself a favor and look for alternatives. If this is something developer-oriented, I recommend using something based on SSH keys, like git does.
If you are serious about needing E2EE, using few sessions (well, devices) and actually verifying fingerprints OOB is a must, and that's true for all E2EE methods AFAIK?
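An added example, not part of any comment in this thread: signing a file with an SSH key through "ssh-keygen -Y" and verifying it against an allowed_signers file, including the two failure cases a verifier has to reject (modified data, wrong namespace). The key, file names, the identity dev@example.org and the namespaces are constructed for the demo.

```shell
#!/bin/sh
# Added example: file signatures with SSH keys via "ssh-keygen -Y".
# Every name below (id_demo, artifact.txt, dev@example.org, namespaces)
# is constructed for this demo.

# Creates a scratch dir ($WORK) with a throwaway ed25519 key, a sample
# file, an allowed_signers file and a detached signature.
setup_demo() {
    WORK=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N '' -C 'demo key' -f "$WORK/id_demo" || return 1
    printf 'release-1.0 contents\n' > "$WORK/artifact.txt"
    # allowed_signers line format: <identity> <key type> <base64 public key>
    printf 'dev@example.org %s\n' "$(cut -d' ' -f1,2 "$WORK/id_demo.pub")" \
        > "$WORK/allowed_signers"
    # Writes the detached signature to artifact.txt.sig, bound to namespace "file".
    ssh-keygen -Y sign -f "$WORK/id_demo" -n file "$WORK/artifact.txt" \
        >/dev/null 2>&1
}

# verify_file <data file> <namespace>
# Returns 0 only if the signature matches the data read from stdin, the key
# listed for dev@example.org in allowed_signers, and the given namespace.
verify_file() {
    ssh-keygen -Y verify -f "$WORK/allowed_signers" -I dev@example.org \
        -n "$2" -s "$WORK/artifact.txt.sig" < "$1" >/dev/null 2>&1
}

# Stand-alone run: one good verification and two that must fail.
if setup_demo; then
    verify_file "$WORK/artifact.txt" file && echo "original file: signature ok"
    printf 'tampered contents\n' > "$WORK/tampered.txt"
    verify_file "$WORK/tampered.txt" file || echo "tampered file: rejected"
    verify_file "$WORK/artifact.txt" other-ns || echo "wrong namespace: rejected"
    rm -rf "$WORK"
fi
```

The namespace passed with -n is part of what gets signed, so a signature made for one purpose does not verify when presented for another.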
> and actually verifying fingerprints OOB is a must, and that's true for all E2EE methods AFAIK?
Most E2EE messaging services (e.g. Matrix, Signal, WhatsApp) enable verifying other people instead of devices, reducing the required verifications for one person to 1 instead of 1 per session.
* https://articles.59.ca/doku.php?id=pgpfan:tpp