The tutorial makes no mention of sub-keys. I thought using sub-keys was a generally accepted good practice? The use-case being that if the sub-key is compromised, you can invalidate it and issue a new one -- and others who trust the root don't need to update much.
Is that still the case? Was it ever? I don't know enough about PGP to know, unfortunately.
Yes, using subkeys and rotating them is good practice. But really the hardest problem with PGP is getting people to use it in the first place, so let's not focus on subkey use, or upgrading from SHA-1 to SHA-256 (or better), or key length (the author uses 1024 bits only).
Though I'm not sure why the author focuses on non-threats like known-plaintext attacks, which gpg isn't vulnerable to, and not these issues.