What do you folks make of vendors changing their PGP key? A vendor that I deal with regularly just announced that they were going to start using a new key. This seems a little off to me? Why would a vendor need to suddenly start using a new key? Is this a red flag that they could be compromised?
Its good opsec, as long as they sign the new pgp key with their old one or can still decrypt a message.
If they can't than they probably lost their key or its LE. In this situation I would wait till packs start landing.