It was well known that PGP is vulnerable to short-ID collisions, and many experiments were done to demonstrate that. [0] Nevertheless, real attacks started in June: some developers found fake keys of theirs with the same name, email, and even the "same" fake signatures by more fake keys in the wild, on the keyservers. [1] All these keys have the same short-IDs, created by collision attacks, which led to some discussion about the danger of short-IDs. Now it is worth mentioning this issue again, since fake keys of Linus Torvalds, Greg Kroah-Hartman, and other kernel devs were found in the wild recently.

> We don't know who is behind this, or what his purpose is. We just know this
> looks very evil.

Source: LKML: <1471274895@i2pmail …: Fake Linus Torvalds’ Key Found in the Wild, No More Short-IDs.
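
A keyring audit for the short-ID collisions described above, as an added example that is not part of the original post. It parses `gpg --list-keys --with-colons` output, where the `fpr` record carries the fingerprint in field 10 and the short ID is the last 8 hex digits of that fingerprint; the sample keys, names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# The first two fingerprints differ but end in the same 8 hex digits.
SAMPLE = """\
pub:-:4096:1:AAAA1111DEADBEEF:1316554898:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF01234567AAAA1111DEADBEEF:
uid:-::::1316554898::HASH1::Example Dev <dev@example.org>::::::::::0:
pub:-:4096:1:BBBB2222DEADBEEF:1402000000:::-:::scESC::::::23::0:
fpr:::::::::FEDCBA9876543210FEDCBA98BBBB2222DEADBEEF:
uid:-::::1402000000::HASH2::Example Dev <dev@example.org>::::::::::0:
pub:-:4096:1:CCCC3333CAFEF00D:1420000000:::-:::scESC::::::23::0:
fpr:::::::::00112233445566778899AABBCCCC3333CAFEF00D:
uid:-::::1420000000::HASH3::Other Dev <other@example.org>::::::::::0:
"""

def parse_keys(colons):
    """Return [(fingerprint, first_uid)] for each primary key in the listing."""
    keys, want_fpr = [], False
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            want_fpr = True              # the next fpr record is the primary key's
        elif f[0] == "sub":
            want_fpr = False             # skip subkey fingerprints
        elif f[0] == "fpr" and want_fpr:
            keys.append([f[9].upper(), None])
            want_fpr = False
        elif f[0] == "uid" and keys and keys[-1][1] is None:
            keys[-1][1] = f[9]
    return [tuple(k) for k in keys]

def short_id_collisions(keys):
    """Map short ID -> fingerprints, for short IDs shared by distinct keys."""
    by_short = defaultdict(set)
    for fpr, _uid in keys:
        by_short[fpr[-8:]].add(fpr)
    return {s: sorted(v) for s, v in by_short.items() if len(v) > 1}

def resolve(ref, keys):
    """Return every fingerprint that a short ID, long ID or fingerprint matches."""
    ref = ref.upper().replace(" ", "")
    ref = ref[2:] if ref.startswith("0X") else ref
    return sorted(fpr for fpr, _uid in keys if fpr.endswith(ref))

if __name__ == "__main__":
    for short, fprs in short_id_collisions(parse_keys(SAMPLE)).items():
        print(f"short ID {short} is ambiguous: {', '.join(fprs)}")
```

A reference that resolves to more than one fingerprint should be replaced by the full fingerprint wherever it is stored, such as in scripts or signing policies.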