I'm yet to finish watching the talk, but it starts with them confirming the demo fraudulent .iso with sequoia also (they call it out by name), so this really makes me think. :)

Sequioa hasn't fixed the attack from the beginning of the talk, the one where they convert between cleartext and full signature formats and inject unsigned bytes into the output because of the confusion.

The latest version of a bad standard is still bad.

This page is a pretty direct indicator that GPG's foundation is fundamentally broken: you're not going to get to a good outcome trying to renovate the 2nd story.

That's just not true. Nothing in this page is a problem with the standard and everything in this page is the outdated parts of the old standard.

So then why do a bunch of these affect Sequoia as well?