Using PGP for verifying software doesn't work and it is often counterproductive. Users don't understand what they are doing. They don't use PGP and they don't have a WoT so, what's the point.
The worst part is that those same users would demand a step-by-step instructions about how to verify the software. What are the alternatives?