I was asked by a highly rated vendor to resend my address because the "pgp wasn't right" after he returned from a few consecutive days of being offline. Is this safe or is he compromised? His PGP key didn't change but I still think it's kinda sketchy.
pgp wasn't right sounds like BS. He probably lost the address (I've done that). I'd resend the same address with the same PGP key.