There's currently no way to tell when a vendor has changed their PGP keys. If Grams time-stamped their keys, it would mitigate a LOT of suspicion about vendors getting flipped.
I think it's pretty obvious we need some sort of time-verification system like this. Otherwise, who tf knows when vendors have changed their keys? Obviously it's quick to verify keys if you have them saved on your machine, but what about vendors you haven't purchased from?
if some one changes their keys on grams, it will show both keys or create a new vendor , that is why you some time see things like vendor(2) on our info desk