Well, I think this thread could solve this problem since the goals of PGP are confidentiality, integrity, non-repudiation, and authenticity. If any one seems sketchy on here and out of character we can write it here and have another known legit vendor can verify them via encrypted msg over the PM, then post results here. May be slightly tedious but it will help